Posted to users@kafka.apache.org by Clayton Wohl <cl...@gmail.com> on 2022/01/07 20:07:08 UTC

Feature Request: Custom Keystore as a classpath resource

Currently, to use a custom keystore with the JVM Kafka consumer/producer
API, you need to have your keystore file on disk and configure it with an
absolute file path like this:

Properties kafkaProperties = new Properties();
kafkaProperties.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PKCS12");
kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "/tmp/ca.p12");
kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, kafkaTrustStorePassword);
kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "PKCS12");
kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "/tmp/user.p12");
kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, kafkaKeyStorePassword);

However, I'm running in an environment where I don't have reliable access
to the local file system. Specifically, I'm writing Java-based Flink
applications that run on Amazon's Kinesis Analytics environment. The
official Kinesis Analytics docs recommend you configure your keystores as
classpath resources in your Flink .jar application, and at runtime, you
copy the keystores to the /tmp directory:

https://docs.aws.amazon.com/kinesisanalytics/latest/java/example-keystore.html

However, this strategy is intermittently working/failing. It would be
helpful if the Kafka JVM API supported configuring keystores directly via a
classpath resource.

Thanks!
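
The copy-to-/tmp workaround described in the post, written defensively. This is an added example, not code from the original post, from Kafka or from the AWS documentation. It copies each keystore to a uniquely named, owner-only temp file instead of a fixed /tmp path and checks that the copy loads before Kafka sees it. Assumptions: Java 9+, a POSIX file system, and hypothetical resource names ca.p12 and user.p12 at the root of the application jar; the property keys are the string values of the constants used above.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;

public class ClasspathKeystore {

    // Copies a PKCS12 classpath resource to a fresh owner-only temp file,
    // verifies that the copy loads with the given password, returns its path.
    static String materialize(String resource, char[] password)
            throws IOException, GeneralSecurityException {
        InputStream in = ClasspathKeystore.class.getClassLoader().getResourceAsStream(resource);
        if (in == null) {
            throw new FileNotFoundException("classpath resource not found: " + resource);
        }
        // Unique name per call, so parallel tasks never overwrite each other's copy.
        // The rw------- attribute assumes a POSIX file system.
        Path tmp = Files.createTempFile("kafka-", ".p12",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        tmp.toFile().deleteOnExit();
        // Write into the file just created rather than replacing it, so its mode is kept.
        try (in; OutputStream out = Files.newOutputStream(tmp,
                StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING)) {
            in.transferTo(out);
        }
        // Fail here, with a clear error, if the copy is truncated or the password is wrong.
        try (InputStream check = Files.newInputStream(tmp)) {
            KeyStore.getInstance("PKCS12").load(check, password);
        }
        return tmp.toAbsolutePath().toString();
    }

    // Resource names ca.p12 and user.p12 are assumptions for this example.
    static Properties sslProperties(String trustPass, String keyPass)
            throws IOException, GeneralSecurityException {
        Properties p = new Properties();
        p.setProperty("security.protocol", "SSL");
        p.setProperty("ssl.truststore.type", "PKCS12");
        p.setProperty("ssl.truststore.location", materialize("ca.p12", trustPass.toCharArray()));
        p.setProperty("ssl.truststore.password", trustPass);
        p.setProperty("ssl.keystore.type", "PKCS12");
        p.setProperty("ssl.keystore.location", materialize("user.p12", keyPass.toCharArray()));
        p.setProperty("ssl.keystore.password", keyPass);
        return p;
    }
}
```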