all InfoSec news
RBAC Authorization with Confluent Kafka
Feb. 15, 2023, 12:43 p.m. | Hieu Nguyen
System Weakness - Medium systemweakness.com
Security is a primary consideration for any system design. For a Kafka deployment to be production-ready, it needs to be configured with security features such as authentication, authorization, encryption, etc.
This article will helps you enable RBAC authorization feature for Confluent Kafka using Metadata Service.
TL;DR: Example Configuration Files
Example Variables’ Values
# Connection to LDAP Service
LDAP_HOSTNAME="openldap.example.com"
LDAP_PORT=389
LDAP_BIND_USERNAME="exampleUser"
LDAP_BIND_DN="cn=${LDAP_BIND_USERNAME},ou=KafkaUsers,dc=example,dc=com"
LDAP_BIND_PASSWORD="examplePassword"
USERNAME_ATTRIBUTE="cn"
USER_OBJECT_CLASS="person"
USER_SEARCH_BASE="ou=KafkaUsers,dc=example,dc=com"
PASSWORD_ATTRIBUTE="userPassword"
# MDS variables
PEM_KEYPAIR_DIR="/opt/confluent/mds"
PRIVATE_KEY="mds.pem"
PUBLIC_KEY="mds.pub"
LDAP_USERNAME="${LDAP_BIND_USERNAME}"
LDAP_USER_PASSWORD="${LDAP_BIND_PASSWORD}"
Broker Config File
Config File Template …
More from systemweakness.com / System Weakness - Medium
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cloud Technical Solutions Engineer, Security
@ Google | Mexico City, CDMX, Mexico
Assoc Eng Equipment Engineering
@ GlobalFoundries | SGP - Woodlands
Staff Security Engineer, Cloud Infrastructure
@ Flexport | Bellevue, WA; San Francisco, CA
Software Engineer III, Google Cloud Security and Privacy
@ Google | Sunnyvale, CA, USA
Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy
@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA