View Source KafkaEx.Auth.Config (kafka_ex v0.15.0)

Builds and validates SASL authentication config for KafkaEx.

## Responsibilities

* Read SASL config from application env (`from_env/0`)
* Build config from parameters (`new/1`)
* Validate required fields for each mechanism
* Normalize options and return a `%KafkaEx.Auth.Config{}` struct

## Supported mechanisms

* `:plain`  username/password over TLS (required)
* `:scram`  SCRAM-SHA (supports both SHA-256 and SHA-512 algorithms)

## Configuration

### Via Application Environment

config :kafka_ex,

sasl: %{
  mechanism: :scram,
  username: System.get_env("KAFKA_USERNAME"),
  password: System.get_env("KAFKA_PASSWORD"),
  mechanism_opts: %{algo: :sha256}  # or :sha512
}

### Via Direct Options

  opts = [
  uris: [{"localhost", 9292}],
  use_ssl: true,
  ssl_options: [verify: :verify_none],
  auth: KafkaEx.Auth.Config.new(%{
    mechanism: :plain,
    username: "test",
    password: "secret"
  })
]

### Example

# Build config directly iex> KafkaEx.Auth.Config.new(%{mechanism: :plain, username: "u", password: "p"}) #KafkaEx.Auth.Config<mechanism=plain, username="u", password=REDACTED, mechanism_opts=%{}>

# Read from environment iex> Application.put_env(:kafka_ex, :sasl, %{mechanism: :scram, username: "u", password: "p"}) iex> KafkaEx.Auth.Config.from_env() #KafkaEx.Auth.Config<mechanism=scram, username="u", password=REDACTED, mechanism_opts=%{}>

### Security Notes

  • PLAIN mechanism MUST use SSL/TLS in production
  • Passwords are redacted in inspect output
  • Use environment variables for credentials, never hardcode

Summary

Types

t()

Functions

from_env()
new(attrs)

Types

Link to this type

t()

View Source 
@type t() :: %KafkaEx.Auth.Config{
  mechanism: :plain | :scram,
  mechanism_opts: map(),
  password: String.t(),
  username: String.t()
}

Functions

Link to this function

from_env()

View Source 
@spec from_env() :: t() | nil
Link to this function

new(attrs)

View Source 
@spec new(map()) :: t()