encrypted keystore /trustedstore password for Kafka broker

Question

In my current project I am using SSL connection for Kafka and below are my current setup for server properties files :

broker.id=1
listeners= SSL://123.456.789.110:9092
security.inter.broker.protocol=SSL
ssl.keystore.location=/etc/keys/keystore
ssl.keystore.password=test1234
ssl.truststore.location=/etc/CApath/trustedstore
ssl.truststore.password=test1234
ssl.enabled.protocols=TLSv1.2

But I don' want to use cleartest keystore and trustedstore password in server properties file .

I am using Kafka version 2.0.0 .

Answer 1

From Kafka 2.0 onwards, it's possible to store all passwords encrypted in Zookeeper instead of plain text in the properties file.

See the dynamic broker configs section in the Kafka documentation. The "Updating Password Configs in ZooKeeper Before Starting Brokers" subsection has details how to set this up.

See also KIP-226 which contains all the technical details