Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-6886

Externalize Secrets for Kafka Connect Configurations

Agile BoardAttach filesAttach ScreenshotVotersStop watchingWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0
    • KafkaConnect
    • None

    Description

      Kafka Connect's connector configurations have plaintext passwords, and Connect stores these in cleartext either on the filesystem (for standalone mode) or in internal topics (for distributed mode).

      Connect should not store or transmit cleartext passwords in connector configurations. Secrets in stored connector configurations should be allowed to be replaced with references to values stored in external secret management systems. Connect should provide an extension point for adding customized integrations, as well as provide a file-based extension as an example. Second, a Connect runtime should be allowed to be configured to use one or more of these extensions, and allow connector configurations to use placeholders that will be resolved by the runtime before passing the complete connector configurations to connectors. This will allow existing connectors to not see any difference in the configurations that Connect provides to them at startup. And third, Connect's API should be changed to allow a connector to obtain the latest connector configuration at any time.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rayokota Robert Yokota
            rayokota Robert Yokota
            Votes:
            0 Vote for this issue
            Watchers:
            3 Stop watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment