

{"id":14890,"date":"2018-05-21T06:30:26","date_gmt":"2018-05-21T06:30:26","guid":{"rendered":"https:\/\/data-flair.training\/blogs\/?p=14890"},"modified":"2018-05-21T06:30:26","modified_gmt":"2018-05-21T06:30:26","slug":"kafka-security","status":"publish","type":"post","link":"https:\/\/data-flair.training\/blogs\/kafka-security\/","title":{"rendered":"Apache Kafka Security | Need and Components of Kafka"},"content":{"rendered":"<p><span style=\"font-weight: 400\">Today, in this Kafka Tutorial, we will see the concept of\u00a0<strong>Apache Kafka<\/strong> Security. This Kafka Security tutorial covers why we need security and introduces encryption in detail. <\/span><\/p>\n<p><span style=\"font-weight: 400\">With this, we will discuss the list of problems which Kafka Security can solve easily. Moreover, we will see Kafka authentication and authorization. Also, we will look at ZooKeeper Authentication.<\/span><\/p>\n<p>So, let&#8217;s begin Apache Kafka Security.<\/p>\n<h2>What is Apache Kafka Security<\/h2>\n<p>The Kafka community added a number of features in release 0.9.0.0. 
These features can be used either separately or together to enhance security in a <strong>Kafka cluster<\/strong>.<\/p>\n<div id=\"attachment_14903\" style=\"width: 644px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-14903\" class=\"wp-image-14903 size-full\" src=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1.png\" alt=\"Kafka Security\" width=\"634\" height=\"628\" srcset=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1.png 634w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1-150x150.png 150w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1-300x297.png 300w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-1-100x100.png 100w\" sizes=\"auto, (max-width: 634px) 100vw, 634px\" \/><\/a><p id=\"caption-attachment-14903\" class=\"wp-caption-text\">Apache Kafka Security Working<\/p><\/div>\n<p><span style=\"font-weight: 400\">The currently supported security measures are:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Authentication of connections to <strong>Kafka Brokers<\/strong> from clients and other tools is possible using either SSL or SASL. 
It supports various SASL mechanisms:<\/span><\/li>\n<\/ol>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\"><strong>SASL\/GSSAPI (Kerberos)<\/strong> &#8211; starting at version 0.9.0.0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\"><strong>SASL\/PLAIN<\/strong> &#8211; starting at version 0.10.0.0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\"><strong>SASL\/SCRAM-SHA-256 and SASL\/SCRAM-SHA-512<\/strong> &#8211; starting at version 0.10.2.0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">2. Also, it offers authentication of connections from <strong>brokers<\/strong> to <strong>ZooKeeper<\/strong>.<\/span><br \/>\n<span style=\"font-weight: 400\">3. Moreover, it provides encryption of data\u00a0transferred between brokers and <strong>Kafka clients<\/strong>, or between brokers and tools, using SSL. The supported measures also include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Authorization of read\/write operations by clients.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Here, authorization is pluggable and also supports integration with external authorization services.<\/span><\/li>\n<\/ul>\n<p><b>Note:<\/b><span style=\"font-weight: 400\">\u00a0Security is optional.<\/span><\/p>\n<h2>Need for Kafka Security<\/h2>\n<p><span style=\"font-weight: 400\">Basically, Apache Kafka plays the role of an internal middle layer, which enables our back-end systems to share real-time data feeds with each other through Kafka topics. With a standard Kafka setup, any user or application can write any message to any topic, as well as read data from any topic. 
<\/span><\/p>\n<p><span style=\"font-weight: 400\">However, implementing Kafka security becomes a requirement when our company moves towards a shared tenancy model in which multiple teams and applications use the same Kafka Cluster, or when the Kafka Cluster starts onboarding critical and confidential information.<\/span><\/p>\n<h2>Problems Kafka Security is solving<\/h2>\n<p><span style=\"font-weight: 400\">There are three components of Kafka Security:<\/span><\/p>\n<h3>a. Encryption of data in-flight using SSL \/ TLS<\/h3>\n<p><span style=\"font-weight: 400\">It keeps data encrypted between our producers and Kafka as well as our consumers and Kafka. This is a very common pattern that everyone\u00a0uses when going on the web.\u00a0<\/span><\/p>\n<h3>b. Authentication using SSL or SASL<\/h3>\n<p><span style=\"font-weight: 400\">It allows our producers and our consumers to authenticate to our Kafka Cluster, which verifies their identity. It is a very secure way to enable our clients to endorse an identity, which in turn helps with authorization.<\/span><\/p>\n<h3>c. 
Authorization using ACLs<\/h3>\n<p><span style=\"font-weight: 400\">In order to determine whether or not a particular client would be authorized to write or read to some topic, our Kafka brokers can run our clients against access control lists (ACL).<\/span><\/p>\n<h2>Encryption (SSL) in Kafka<\/h2>\n<div id=\"attachment_14894\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-14894\" class=\"wp-image-14894 size-full\" src=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1.png\" alt=\"Kafka Security- SSL Encryption\" width=\"1200\" height=\"475\" srcset=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1.png 1200w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1-150x59.png 150w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1-300x119.png 300w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1-768x304.png 768w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-1-1024x405.png 1024w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/a><p id=\"caption-attachment-14894\" class=\"wp-caption-text\">Kafka Security- SSL Encryption<\/p><\/div>\n<p><span style=\"font-weight: 400\">Encryption solves the problem of the man-in-the-middle (MITM) attack, since our packets travel across the network and hop from machine to machine while being routed to the Kafka cluster. If our data is PLAINTEXT, any of these routers could read its content.<\/span><\/p>\n<p><span style=\"font-weight: 400\">With encryption enabled and carefully set up SSL certificates, our data is encrypted and securely transmitted over the network. 
With SSL, only the first and the final machine possess the ability to decrypt the packet being sent.<\/span><\/p>\n<p><span style=\"font-weight: 400\">However, this encryption comes at a cost: CPU is now leveraged on both the Kafka Clients and the Kafka Brokers in order to encrypt and decrypt packets. Still, SSL security comes at a negligible cost in performance. <\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>Note:<\/strong> The encryption is only in-flight and the data still sits un-encrypted on our broker\u2019s disk.<\/span><\/p>\n<h2>Kafka Authentication (SSL &amp; SASL)<\/h2>\n<p><span style=\"font-weight: 400\">Basically,\u00a0authentication of Kafka clients to our brokers is possible in two ways: SSL and SASL.<\/span><\/p>\n<div id=\"attachment_14895\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-14895\" class=\"wp-image-14895 size-full\" src=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2.png\" alt=\"Kafka Security\" width=\"1200\" height=\"300\" srcset=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2.png 1200w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2-150x38.png 150w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2-300x75.png 300w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2-768x192.png 768w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Example-2-1024x256.png 1024w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/a><p id=\"caption-attachment-14895\" class=\"wp-caption-text\">Kafka Security- SSL &amp; SASL Authentication<\/p><\/div>\n<h3>a.\u00a0SSL Authentication in 
Kafka<\/h3>\n<p><span style=\"font-weight: 400\">It leverages a capability of SSL that we also call two-way authentication.\u00a0Basically, certificates signed by a certificate authority are issued to our clients, which allows our Kafka brokers to verify the identity of the clients.<\/span><\/p>\n<p><span style=\"font-weight: 400\">It is the most common setup, especially when we are leveraging a managed Kafka cluster from a provider like Heroku, Confluent Cloud or CloudKarafka.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">b.\u00a0<\/span>SASL Authentication in Kafka<\/h3>\n<p><span style=\"font-weight: 400\">SASL refers to Simple Authorization Service Layer. The basic concept here is that the authentication mechanism\u00a0and Kafka protocol are separate from each other. It is very popular with <strong>Big Data<\/strong> systems as well as <strong>Hadoop setup<\/strong>.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Kafka supports the following shapes and <strong>forms of SASL<\/strong>: <\/span><\/p>\n<h4><span style=\"font-weight: 400\"><strong>i.<\/strong>\u00a0<\/span>SASL PLAINTEXT<\/h4>\n<p><span style=\"font-weight: 400\">SASL PLAINTEXT is a classic username\/password combination. However,\u00a0these usernames and passwords need to be stored on the Kafka brokers in advance, and each change needs to trigger a rolling restart. <\/span><\/p>\n<p><span style=\"font-weight: 400\">This makes it a less recommended form of security. Also, make sure to enable SSL encryption\u00a0while using SASL\/PLAINTEXT, so that credentials aren\u2019t sent as PLAINTEXT on the network.<\/span><\/p>\n<h4><span style=\"font-weight: 400\"><strong>ii.\u00a0<\/strong><\/span>SASL SCRAM<\/h4>\n<p><span style=\"font-weight: 400\">It is a very secure combination alongside a challenge. 
Basically, password and Zookeeper hashes are stored in Zookeeper here, which permits us to scale security even without rebooting brokers. <\/span><\/p>\n<p><span style=\"font-weight: 400\">Make sure to enable SSL encryption while using SASL\/SCRAM, so that credentials aren\u2019t sent as PLAINTEXT on the network.<\/span><\/p>\n<h4><span style=\"font-weight: 400\"><strong>iii.<\/strong>\u00a0<\/span>SASL GSSAPI (Kerberos)<\/h4>\n<p><span style=\"font-weight: 400\">It is also a very secure way of providing authentication, because it\u00a0works on the basis of the Kerberos ticket mechanism. The most common implementation of Kerberos is Microsoft Active Directory. <\/span><\/p>\n<p><span style=\"font-weight: 400\">Since it allows companies to manage security from within their Kerberos Server, SASL\/GSSAPI is a great choice for big enterprises. <\/span><\/p>\n<p><span style=\"font-weight: 400\">Also, encrypting communications with SSL is optional with SASL\/GSSAPI. 
Setting up Kafka with Kerberos is the most difficult option, but worth it in the end.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">(WIP) SASL Extension (KIP-86 in progress)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">This makes it easier to configure new or custom SASL mechanisms that are not implemented in Kafka.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">(WIP) SASL OAUTHBEARER (KIP-255 in progress)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">This will allow\u00a0us to leverage OAUTH2 tokens for authentication.<\/span><br \/>\n<span style=\"font-weight: 400\">However, for an easier setup, use SASL\/SCRAM or SASL\/GSSAPI (Kerberos) for the authentication layer.<\/span><\/p>\n<h2>Kafka Authorization (ACL)<\/h2>\n<p><span style=\"font-weight: 400\">As soon as our Kafka clients are authenticated, Kafka needs to be able to decide what they can and cannot do. This is where Authorization comes in, controlled by Access Control Lists (ACL).\u00a0<\/span><br \/>\n<span style=\"font-weight: 400\">ACLs are very helpful, since they can help\u00a0us prevent disasters.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Let&#8217;s understand it with an example: we have a topic that needs to be writeable from only a subset of clients or hosts. We want to prevent our average user from writing anything to these topics,\u00a0which prevents any data corruption or deserialization errors.<\/span><\/p>\n<p><span style=\"font-weight: 400\">ACLs are also great if we have some sensitive data and we need to prove to regulators that only certain applications or users can access that data.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We can use the kafka-acls command to add ACLs. 
It even has some facilities and shortcuts to add producers or consumers.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\">kafka-acls --topic test --producer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:alice<\/pre>\n<p><span style=\"font-weight: 400\">The result is:<\/span><br \/>\n<strong>Adding ACLs for resource `Topic:test`:<\/strong><br \/>\n<strong>User:alice has Allow permission for operations: Describe from hosts: *<\/strong><br \/>\n<strong>User:alice has Allow permission for operations: Write from hosts: *<\/strong><br \/>\n<strong>Adding ACLs for resource `Cluster:kafka-cluster`:<\/strong><br \/>\n<strong>User:alice has Allow permission for operations: Create from hosts: *<\/strong><br \/>\n<span style=\"font-weight: 400\"><strong>Note:<\/strong> ACLs are stored in Zookeeper only when using the default SimpleAclAuthorizer. Also, ensure only Kafka brokers may write to Zookeeper (zookeeper.set.acl=true). Otherwise, any user could come in and edit ACLs, thus defeating the point of security.<\/span><\/p>\n<h2>ZooKeeper Authentication in Kafka<\/h2>\n<div id=\"attachment_14965\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-14965\" class=\"wp-image-14965 size-full\" src=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01.jpg\" alt=\"Zookeeper Authentication\" width=\"1200\" height=\"628\" srcset=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01.jpg 1200w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01-150x79.jpg 150w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01-300x157.jpg 300w, 
https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01-768x402.jpg 768w, https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/ZooKeeper-Authentication-01-1024x536.jpg 1024w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/a><p id=\"caption-attachment-14965\" class=\"wp-caption-text\">Zookeeper Authentication<\/p><\/div>\n<h3>a. New Clusters<\/h3>\n<p><span style=\"font-weight: 400\">There are two necessary steps in order to enable ZooKeeper authentication on brokers:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">First, create a JAAS login file and set the appropriate system property to point to it.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Set the configuration property zookeeper.set.acl in each broker to true.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400\">Basically, ZooKeeper\u2019s metadata for the Kafka cluster is world-readable, but only brokers can modify it, because inappropriate manipulation of that data can cause cluster disruption. Also, we recommend limiting the access to ZooKeeper via network segmentation.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">b.\u00a0<\/span>Migrating Clusters<\/h3>\n<p><span style=\"font-weight: 400\">If\u00a0we are running a version of Kafka that does not support security, or simply running with security disabled, and\u00a0we want to make the cluster secure, we need to execute the following steps to enable ZooKeeper authentication with minimal disruption to our operations:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">First, perform a rolling restart setting the JAAS login file, which enables brokers to authenticate. 
At the end of the rolling restart, brokers are able to manipulate znodes with strict ACLs, but they will not create znodes with those ACLs.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Now, perform a rolling restart a second time, this time setting the configuration parameter zookeeper.set.acl to true, which enables the use of secure ACLs\u00a0when creating znodes.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Finally, execute the ZkSecurityMigrator tool. To execute the tool,\u00a0use this script: <strong>.\/bin\/zookeeper-security-migration.sh<\/strong> with zookeeper.acl set to secure. This tool traverses the corresponding sub-trees changing the ACLs of the znodes.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400\">With the following steps, we can turn off authentication in a secure cluster:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Perform a rolling restart of brokers setting the JAAS login file, which enables brokers to authenticate, but setting zookeeper.set.acl to false. At the end of the rolling restart, brokers stop creating znodes with secure ACLs, although they are still able to authenticate and manipulate all znodes.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Execute the ZkSecurityMigrator tool with this script .\/bin\/zookeeper-security-migration.sh with zookeeper.acl set to unsecure.\u00a0It traverses the corresponding sub-trees changing the ACLs of the znodes.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Further, perform a rolling restart a second time. 
This time, omit the system property which sets the JAAS login file.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400\"><strong>Example<\/strong> <strong>of how to run the migration tool<\/strong>:<\/span><br \/>\n<b>.\/bin\/zookeeper-security-migration.sh --zookeeper.acl=secure --zookeeper.connect=localhost:2181<\/b><br \/>\n<span style=\"font-weight: 400\">Run this to see the full list of parameters:<\/span><br \/>\n<b>.\/bin\/zookeeper-security-migration.sh --help<\/b><\/p>\n<h3>c.<strong>\u00a0<\/strong>Migrating the ZooKeeper Ensemble<\/h3>\n<p><span style=\"font-weight: 400\">We need to enable authentication on the ZooKeeper ensemble. To do it, we need to perform a rolling restart of the server and set a few properties.<\/span><\/p>\n<p>So, this was all in Kafka Security Tutorial. Hope you like our explanation.<\/p>\n<h2>Conclusion<\/h2>\n<p><span style=\"font-weight: 400\">Hence, in this Kafka security tutorial, we have seen the introduction to Kafka Security. Moreover, we discussed the need for Kafka Security and the problems that are solved by Kafka Security. In addition, we discussed SSL Encryption and SSL and SASL Kafka authentication. <\/span><\/p>\n<p><span style=\"font-weight: 400\">Along with this, in the authorization, we saw Kafka topic authorization. Finally, we looked at Zookeeper Authentication and its major steps. If you have any doubts, feel free to ask in the comment section.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, in this Kafka Tutorial, we will see the concept of\u00a0Apache Kafka Security. Kafka Security tutorial includes why we need security, introduction to encryption in detail. 
With this, we will discuss the list of&#46;&#46;&#46;<\/p>\n","protected":false},"author":5,"featured_media":16381,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[825,848,1243,7841,7935,7936,7962,9022,12373,13704,13705,16369],"class_list":["post-14890","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kafka","tag-apache-kafka","tag-apache-kafka-security","tag-authorization","tag-kafka","tag-kafka-security","tag-kafka-security-tutorial","tag-kafka-topic-authorization","tag-need-foe-kafka-security","tag-sasl-authentication","tag-ssl-authentication","tag-ssl-encryption","tag-zookeeper-authentication"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Apache Kafka Security | Need and Components of Kafka - DataFlair<\/title>\n<meta name=\"description\" content=\"Apache Kafka Security tutorial, need for Kafka security, SSL encryption, SSL- SASL authentication, zookeeper authentication in Kafka, Kafka authorization\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/data-flair.training\/blogs\/kafka-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Kafka Security | Need and Components of Kafka - DataFlair\" \/>\n<meta property=\"og:description\" content=\"Apache Kafka Security tutorial, need for Kafka security, SSL encryption, SSL- SASL authentication, zookeeper authentication in Kafka, Kafka authorization\" \/>\n<meta property=\"og:url\" content=\"https:\/\/data-flair.training\/blogs\/kafka-security\/\" \/>\n<meta property=\"og:site_name\" content=\"DataFlair\" \/>\n<meta property=\"article:publisher\" 
content=\"https:\/\/www.facebook.com\/DataFlairWS\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-21T06:30:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"DataFlair Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@DataFlairWS\" \/>\n<meta name=\"twitter:site\" content=\"@DataFlairWS\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"DataFlair Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache Kafka Security | Need and Components of Kafka - DataFlair","description":"Apache Kafka Security tutorial, need for Kafka security, SSL encryption, SSL- SASL authentication, zookeeper authentication in Kafka, Kafka authorization","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/data-flair.training\/blogs\/kafka-security\/","og_locale":"en_US","og_type":"article","og_title":"Apache Kafka Security | Need and Components of Kafka - DataFlair","og_description":"Apache Kafka Security tutorial, need for Kafka security, SSL encryption, SSL- SASL authentication, zookeeper authentication in Kafka, Kafka 
authorization","og_url":"https:\/\/data-flair.training\/blogs\/kafka-security\/","og_site_name":"DataFlair","article_publisher":"https:\/\/www.facebook.com\/DataFlairWS\/","article_published_time":"2018-05-21T06:30:26+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg","type":"image\/jpeg"}],"author":"DataFlair Team","twitter_card":"summary_large_image","twitter_creator":"@DataFlairWS","twitter_site":"@DataFlairWS","twitter_misc":{"Written by":"DataFlair Team","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#article","isPartOf":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/"},"author":{"name":"DataFlair Team","@id":"https:\/\/data-flair.training\/blogs\/#\/schema\/person\/7f83c342f5d1632d6f7b4b0b0f447823"},"headline":"Apache Kafka Security | Need and Components of Kafka","datePublished":"2018-05-21T06:30:26+00:00","mainEntityOfPage":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/"},"wordCount":1794,"commentCount":0,"publisher":{"@id":"https:\/\/data-flair.training\/blogs\/#organization"},"image":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#primaryimage"},"thumbnailUrl":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg","keywords":["Apache Kafka","Apache Kafka Security","Authorization","kafka","Kafka Security","kafka security tutorial","Kafka topic authorization","need foe kafka security","SASL Authentication","SSL Authentication","SSL Encryption","zookeeper authentication"],"articleSection":["Apache Kafka 
Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/data-flair.training\/blogs\/kafka-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/","url":"https:\/\/data-flair.training\/blogs\/kafka-security\/","name":"Apache Kafka Security | Need and Components of Kafka - DataFlair","isPartOf":{"@id":"https:\/\/data-flair.training\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#primaryimage"},"image":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#primaryimage"},"thumbnailUrl":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg","datePublished":"2018-05-21T06:30:26+00:00","description":"Apache Kafka Security tutorial, need for Kafka security, SSL encryption, SSL- SASL authentication, zookeeper authentication in Kafka, Kafka authorization","breadcrumb":{"@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/data-flair.training\/blogs\/kafka-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#primaryimage","url":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg","contentUrl":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2018\/05\/Apache-Kafka-Security-01.jpg","width":1200,"height":628,"caption":"Apache Kafka Security"},{"@type":"BreadcrumbList","@id":"https:\/\/data-flair.training\/blogs\/kafka-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog Home","item":"https:\/\/data-flair.training\/blogs\/"},{"@type":"ListItem","position":2,"name":"Apache Kafka 
Tutorials","item":"https:\/\/data-flair.training\/blogs\/category\/kafka\/"},{"@type":"ListItem","position":3,"name":"Apache Kafka Security | Need and Components of Kafka"}]},{"@type":"WebSite","@id":"https:\/\/data-flair.training\/blogs\/#website","url":"https:\/\/data-flair.training\/blogs\/","name":"DataFlair","description":"Learn Today. Lead Tomorrow.","publisher":{"@id":"https:\/\/data-flair.training\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/data-flair.training\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/data-flair.training\/blogs\/#organization","name":"DataFlair","url":"https:\/\/data-flair.training\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/data-flair.training\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2016\/07\/Data-Flair.png","contentUrl":"https:\/\/data-flair.training\/blogs\/wp-content\/uploads\/sites\/2\/2016\/07\/Data-Flair.png","width":106,"height":48,"caption":"DataFlair"},"image":{"@id":"https:\/\/data-flair.training\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/DataFlairWS\/","https:\/\/x.com\/DataFlairWS","https:\/\/www.linkedin.com\/company\/dataflair-web-services-pvt-ltd\/","https:\/\/www.youtube.com\/user\/DataFlairWS"]},{"@type":"Person","@id":"https:\/\/data-flair.training\/blogs\/#\/schema\/person\/7f83c342f5d1632d6f7b4b0b0f447823","name":"DataFlair 
Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4cf3a74600d131330b8c481d519afd1574093ed89f6d3396a95393ad223eb7cd?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4cf3a74600d131330b8c481d519afd1574093ed89f6d3396a95393ad223eb7cd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4cf3a74600d131330b8c481d519afd1574093ed89f6d3396a95393ad223eb7cd?s=96&d=mm&r=g","caption":"DataFlair Team"},"description":"DataFlair Team creates expert-level guides on programming, Java, Python, C++, DSA, AI, ML, data Science, Android, Flutter, MERN, Web Development, and technology. Our goal is to empower learners with easy-to-understand content. Explore our resources for career growth and practical learning.","url":"https:\/\/data-flair.training\/blogs\/author\/dfteam1\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/posts\/14890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/comments?post=14890"}],"version-history":[{"count":0,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/posts\/14890\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/media\/16381"}],"wp:attachment":[{"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/media?parent=14890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/categories?post=14890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/data-flair.training\/blogs\/wp-json\/wp\/v2\/tags?post=14890"}],"curies
":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}