Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-7685

Support loading trust stores from classpath

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.1.0
    • None
    • clients
    • None

    Description

      Certificate pinning as well as authenticating kafka brokers using a non-public CA certificate maintained inside an organisation is desirable to a lot of users. This can be accomplished today using the ssl.truststore.location configuration property. Unfortunately, this value is always interpreted as a filesystem path which makes distribution of such an alternative truststore a needlessly cumbersome process. If we had the ability to load a trust store from the classpath as well as from a file, the trust store could be shipped in a jar that could be declared as a regular maven style dependency.

      If we did this by supporting prefixing ssl.truststore.location with classpath: this could be a backwards compatible change, one that builds on prior design patterns established by for example the Spring project.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              noa Noa Resare
              Votes:
              12 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated: