View Source Authentication

SASL/PLAIN

Erlang

[{brod,
   [{clients
     , [{kafka_client
          , [ { endpoints, [{"localhost", 9092}] }
            , { ssl, true}
            , { sasl, {plain, "GFRW5BSQHKEH0TSG", "GrL3CNTkLhsvtBr8srGn0VilMpgDb4lPD"}}
            ]
         }
       ]
     }
   ]
}]

Elixir

import Config

config :brod,
       clients: [
         kafka_client: [
           endpoints: [
             localhost: 9092
           ],
           ssl: true,
           sasl: {
             :plain,
             System.get_env("KAFKA_USERNAME"),
             System.get_env("KAFKA_PASSWORD")
           }
         ]
       ]

SSL Certificate Validation

Erlang's default configuration for SSL is verify_none which means that certificates are accepted but not validated. brod passes SSL options to the kafka_protocol library where they are used to create the SSL connection.

For more info see the Erlang Ecosystem Foundation's server certificate verification recommendations.

Erlang

[{brod,
   [{clients
     , [{kafka_client
          , [ { endpoints, [{"localhost", 9092}] }
            , { ssl, [ { verify, verify_peer }
                     , { cacertfile, "/etc/ssl/certs/ca-certificates.crt" }
                     , { depth, 3 }
                     , { customize_hostname_check,
                          [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}
                     , {version, ['tlsv1.3', 'tlsv1.2']}
                     ]}
            , { sasl, {plain, "GFRW5BSQHKEH0TSG", "GrL3CNTkLhsvtBr8srGn0VilMpgDb4lPD"}}
            ]
         }
       ]
     }
   ]
}]

Elixir

import Config

config :brod,
       clients: [
         kafka_client: [
           endpoints: [
             localhost: 9092
           ],
           ssl: [
             verify: :verify_peer,
             cacertfile: "/etc/ssl/certs/ca-certificates.crt",
             depth: 3,
             customize_hostname_check: [
               match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
             ],
           ],
           sasl: {
             :plain,
             System.get_env("KAFKA_USERNAME"),
             System.get_env("KAFKA_PASSWORD")
           }
         ]
       ]

The examples above are using /etc/ssl/certs/ca-certificates.crt which is the certificate authority that comes with alpine linux. You will need to provide a path to a valid certificate authority certificate or use certifi