Kafka Connect configuration Password/Secrets encryption

Oliver Lopes

Apr 12, 2021, 5:16:25 PM
to Confluent Platform
Is there any way to encrypt the user ID details/password/secrets/connect URI string which are passed in the Kafka/Confluent Connect configuration while creating the connector?

For example, below, I wanted to encrypt mongodb.user and mongodb.password:
"name": "mngdbz-0316",
"connector.class": "io.debezium.connector.mongodb.MongoDbConnector",
"mongodb.hosts": "srver host",
"mongodb.name": "DB",
"mongodb.user": "user name",
"mongodb.password": "password",
"mongodb.authsource": "$external",
"mongodb.ssl.enabled": true

For example:
"connection.uri": "mongodb://username:password@sever:27017/?ssl=true&readPreference=secondaryPreferred&serverSelectionTimeoutMS=60000&connectTimeoutMS=60000&replicaSet=RSDEV01&authSource=$external&authMechanism=PLAIN",

The problem is that if we don't encrypt, anyone who downloads the connector configuration can see the user/password details.

Matthew Tice

Apr 12, 2021, 8:57:16 PM
to confluent...@googlegroups.com
Robin Moffatt has a great write up on how to do this.

Sanju Thomas

Apr 12, 2021, 9:21:04 PM
to confluent...@googlegroups.com
That was a very good write-up.
You can load config from anywhere if you can write an implementation of org.apache.kafka.common.config.provider.ConfigProvider.
If you have a secret store like HashiCorp Vault, you can load the credentials directly from the secret store. An example can be found at https://gitlab.com/axual-public/vault-config-provider/-/tree/master
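
One way to implement the ConfigProvider interface mentioned above, as an added example that is not part of the thread or of the linked project: a provider that reads a properties file and refuses it unless only the owner can access it. The class and package names, the provider alias `secrets` and the file path are hypothetical; it assumes a POSIX filesystem and kafka-clients on the classpath.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.io.Reader;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;
import org.apache.kafka.common.config.ConfigData;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.provider.ConfigProvider;

/**
 * Worker properties (alias "secrets" is an assumption):
 *   config.providers=secrets
 *   config.providers.secrets.class=example.StrictFileConfigProvider
 * The connector configuration then carries a reference instead of the value:
 *   "mongodb.password": "${secrets:/etc/kafka-connect/mongo.properties:mongodb.password}"
 */
public class StrictFileConfigProvider implements ConfigProvider {
    @Override public void configure(Map<String, ?> configs) { }

    @Override public ConfigData get(String path) {
        return new ConfigData(load(path));
    }

    @Override public ConfigData get(String path, Set<String> keys) {
        Map<String, String> all = load(path);
        all.keySet().retainAll(keys); // return only the keys that were referenced
        return new ConfigData(all);
    }

    private Map<String, String> load(String path) {
        Map<String, String> out = new HashMap<>();
        if (path == null || path.isEmpty()) return out;
        Path file = Paths.get(path);
        try {
            // Reject the file if group/other (or execute) bits are set.
            for (PosixFilePermission p : Files.getPosixFilePermissions(file)) {
                if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE)
                    throw new ConfigException("Secrets file " + path + " must be owner-only (e.g. 0600)");
            }
            Properties props = new Properties();
            try (Reader r = Files.newBufferedReader(file)) { props.load(r); }
            for (String k : props.stringPropertyNames()) out.put(k, props.getProperty(k));
            return out;
        } catch (IOException e) {
            throw new ConfigException("Cannot read secrets file " + path + ": " + e.getMessage());
        }
    }

    @Override public void close() { }
}
```

With a provider like this registered on the worker, the connector configuration submitted to Connect contains only the `${secrets:...}` reference, and the password lives in a file readable only by the Connect service account.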

Oliver Lopes

Apr 12, 2021, 9:53:00 PM
to Confluent Platform
Thank you all, this is what I am expecting.

Thank you.
