Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-8205

Kafka SSL encryption of data at rest

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.0.1
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Environment:
      All

      Description

      Recently we enabled SSL on our kafka cluster which earlier had SASL PLAINTEXT. Everything works fine from both producer and consumer standpoint as expected with one strange behavior. We noticed data in the log file is also encrypted which we didn't thought of because SSL is meant for transport level security not to encrypt data at rest.

      It doesn't mean we have any issues with that but would like to understand what enables to perform encrypting data at rest. Do we have a way to:-

      1) turn it off

      2) Extend the encryption algorithm if company would like to use their own key management system and different algorithm.

      After going through Kafka docs, we realized there is a KIP already in discussion but how come it's implemented without been approved?

      https://cwiki.apache.org/confluence/display/KAFKA/KIP-317%3A+Add+transparent+data+encryption+functionality

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              nitena2019 Niten Aggarwal
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: