Kafka Connect configuration Password/Secrets encryption

553 views
Skip to first unread message

Oliver Lopes

unread,
Apr 12, 2021, 5:16:25 PM4/12/21
to Confluent Platform
Hi, 
is there any way to encrypt the user id details/password/secrets/connect uri string which are passed in kafka/confluent connect configuration while creating the connector.

for example below, wanted to encrypt mongodb.user and mongodb.password
{
"name": "mngdbz-0316",
        "config":{
            "connector.class": "io.debezium.connector.mongodb.MongoDbConnector",
"mongodb.hosts": "srver host",
"mongodb.name": "DB",
"mongodb.user": "user name",
"mongodb.password": "password",
"mongodb.authsource": "$external",
"mongodb.ssl.enabled": true
        }
}

for ex:
"connection.uri": "mongodb://username:password@sever:27017/?ssl=true&readPreference=secondaryPreferred&serverSelectionTimeoutMS=60000&connectTimeoutMS=60000&replicaSet=RSDEV01&authSource=$external&authMechanism=PLAIN",

the problem if we dont do encrypt, if someone download the connector configuration, they can see user/passed details.

Matthew Tice

unread,
Apr 12, 2021, 8:57:16 PM4/12/21
to confluent...@googlegroups.com
Robin Moffatt has a great write up on how to do this.


--
You received this message because you are subscribed to the Google Groups "Confluent Platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to confluent-platf...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/confluent-platform/a3ed8be3-6ceb-4a97-944a-68b95ab760can%40googlegroups.com.

Sanju Thomas

unread,
Apr 12, 2021, 9:21:04 PM4/12/21
to confluent...@googlegroups.com
That was a very good write-up. 
You can load config from anywhere if you can write an implementation for org.apache.kafka.common.config.provider.ConfigProvider.
If you got a secret store like HashiCorp Vault, you can load the credentials directly from secret store. An example can be found at https://gitlab.com/axual-public/vault-config-provider/-/tree/master




To view this discussion on the web visit https://groups.google.com/d/msgid/confluent-platform/CA%2BtaBv8wg6nL%2BpAxCXt2B7Mk0dp%2BB7mTgz4dZ1G3h6zentksew%40mail.gmail.com.

Oliver Lopes

unread,
Apr 12, 2021, 9:53:00 PM4/12/21
to Confluent Platform
Thank you all, This is what i am expecting.

Thank you.

Reply all
Reply to author
Forward
0 new messages