View Source Authentication
SASL/PLAIN
Erlang
[{brod,
[{clients
, [{kafka_client
, [ { endpoints, [{"localhost", 9092}] }
, { ssl, true}
, { sasl, {plain, "GFRW5BSQHKEH0TSG", "GrL3CNTkLhsvtBr8srGn0VilMpgDb4lPD"}}
]
}
]
}
]
}]
Elixir
import Config
config :brod,
clients: [
kafka_client: [
endpoints: [
localhost: 9092
],
ssl: true,
sasl: {
:plain,
System.get_env("KAFKA_USERNAME"),
System.get_env("KAFKA_PASSWORD")
}
]
]
SSL Certificate Validation
Erlang's default configuration for SSL is verify_none which means that certificates are accepted but not validated. brod passes SSL options to the kafka_protocol library where they are used to create the SSL connection.
For more info see the Erlang Ecosystem Foundation's server certificate verification recommendations.
Erlang
[{brod,
[{clients
, [{kafka_client
, [ { endpoints, [{"localhost", 9092}] }
, { ssl, [ { verify, verify_peer }
, { cacertfile, "/etc/ssl/certs/ca-certificates.crt" }
, { depth, 3 }
, { customize_hostname_check,
[{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}
, {version, ['tlsv1.3', 'tlsv1.2']}
]}
, { sasl, {plain, "GFRW5BSQHKEH0TSG", "GrL3CNTkLhsvtBr8srGn0VilMpgDb4lPD"}}
]
}
]
}
]
}]
Elixir
import Config
config :brod,
clients: [
kafka_client: [
endpoints: [
localhost: 9092
],
ssl: [
verify: :verify_peer,
cacertfile: "/etc/ssl/certs/ca-certificates.crt",
depth: 3,
customize_hostname_check: [
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
],
],
sasl: {
:plain,
System.get_env("KAFKA_USERNAME"),
System.get_env("KAFKA_PASSWORD")
}
]
]
The examples above are using /etc/ssl/certs/ca-certificates.crt
which is the certificate authority that comes
with alpine linux. You will need to provide a path to a valid certificate authority
certificate or use certifi