SASL Authentication
SASL Authentication uses usernames and passwords to authenticate your Kafka clients. By default, Kafka clients communicating with WarpStream Agents use PLAINTEXT, meaning that all data is sent in plain text (unencrypted), including the SASL usernames and passwords.
When using SASL, it is recommended to Configure TLS Encryption for your WarpStream Cluster.
The WarpStream Agents support SASL/PLAIN and SASL/SCRAM-SHA-512 for communication.
In order to connect an Apache Kafka client to the authenticated WarpStream Agent, you'll need to create a set of credentials. You can do that by navigating to the "Virtual Clusters" section of the WarpStream Console and then clicking "View Credentials" on the Virtual Cluster that you want to create a set of credentials for.
Once you're on the credentials view, you can create a new set of SASL credentials by clicking the "New Credentials" button.
Enter the name that you want the credential to have, check "super user" if desired, and click "Create Credentials".
Once you're done creating the credentials, the admin console will show you the username and password one time. Store these values somewhere safe, as you'll never be able to view them again. WarpStream does not store them in plaintext, so we cannot retrieve them for you.
In the case that you lose your credentials, you can create a new set of credentials in the admin console following the same steps as above, up to a limit of 100 credentials.
Set the WARPSTREAM_REQUIRE_SASL_AUTHENTICATION environment variable to true.
Once authentication is enabled on the Agent, it will require all Apache Kafka clients that connect to it to authenticate themselves via SASL. Otherwise, it will refuse the connection.
To configure SASL in your Kafka clients, it is recommended to review the documentation for your Kafka client. Every Kafka client configures SASL differently, and those configurations may change from version to version.
We recommend using the Confluent Platform documentation to learn how to configure Java-based clients for SASL.
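The following check is an added example, not part of the WarpStream documentation: it audits a Java-style Kafka client properties file against the guidance above (SASL enabled, TLS in use, and one of the two mechanisms this page lists). It assumes the standard Apache Kafka Java client property names and login module classes; the sample configurations and credentials are constructed placeholders.

```python
# Added example: audit Kafka client properties against this page's guidance.
SUPPORTED = {  # mechanisms this page lists -> standard Kafka JAAS login module
    "PLAIN": "org.apache.kafka.common.security.plain.PlainLoginModule",
    "SCRAM-SHA-512": "org.apache.kafka.common.security.scram.ScramLoginModule",
}

# Constructed sample inputs; the credentials are placeholders.
WEAK = """\
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="EXAMPLE_USER" password="EXAMPLE_PASSWORD";
"""
HARDENED = """\
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="EXAMPLE_USER" password="EXAMPLE_PASSWORD";
"""

def parse_properties(text):
    """Parse simple key=value lines (no continuations); skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")  # split on the first '=' only
            props[key.strip()] = value.strip()
    return props

def audit_sasl_config(text):
    """Return a list of findings; an empty list means the config passes."""
    props = parse_properties(text)
    protocol = props.get("security.protocol", "PLAINTEXT")  # Kafka client default
    mechanism = props.get("sasl.mechanism", "GSSAPI")       # Kafka client default
    if not protocol.startswith("SASL_"):
        return [f"security.protocol={protocol}: client will not authenticate via SASL"]
    findings = []
    if protocol == "SASL_PLAINTEXT":
        findings.append("SASL_PLAINTEXT: no TLS, so the SASL exchange is unencrypted; use SASL_SSL")
    if mechanism not in SUPPORTED:
        findings.append(f"sasl.mechanism={mechanism}: page lists only {sorted(SUPPORTED)}")
    elif SUPPORTED[mechanism] not in props.get("sasl.jaas.config", ""):
        findings.append(f"sasl.jaas.config does not use the login module for {mechanism}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sasl_config(cfg) or "OK")
```

The parser handles only plain `key=value` lines, so properties files that use `:` separators or line continuations need a fuller parser before this check is applied.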