
Add support for truststore and keystore password parameters in Kafdrop #708

Open


@wkd-woo wkd-woo commented Dec 10, 2024

Description

This PR introduces support for specifying passwords for the truststore and keystore used in SSL communication with Kafka brokers in Kafdrop.

Previously, while the truststore file location could be specified using the KAFKA_TRUSTSTORE_FILE parameter, there was no way to provide the password required to access it.

This enhancement addresses that limitation.

refer: https://docs.oracle.com/javadb/10.8.3.0/adminguide/cadminsslclient.html

Key changes include

  1. New Configuration Parameters
     • Added KAFKA_TRUSTSTORE_PASSWORD to specify the truststore password.
     • Added KAFKA_KEYSTORE_PASSWORD to specify the keystore password.
  2. Code Changes
     • Modified KafkaConfiguration.java to handle these new parameters and set ssl.truststore.password and ssl.keystore.password in the Kafka properties if provided.
     • Ensured that these parameters are optional, maintaining backward compatibility for users who do not require truststore or keystore passwords.
  3. Configuration File Updates
     • Updated application.yml to include placeholders for the new parameters, making them configurable via environment variables:
       • KAFKA_TRUSTSTORE_PASSWORD
       • KAFKA_KEYSTORE_PASSWORD
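
An added example, not code from this PR or from Kafdrop: one way to take the two proposed password variables from the environment, confirm that each store actually opens with the supplied password, and set the Kafka SSL properties only when a password is present. The class and method names are hypothetical, and KAFKA_KEYSTORE_FILE is assumed as the keystore counterpart of KAFKA_TRUSTSTORE_FILE.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Map;
import java.util.Properties;

public class SslPasswordProps {

    // Hypothetical helper: adds a store's location and, when supplied, its password.
    static void applyStore(Properties props, String kind, String file, String password)
            throws Exception {
        if (file == null || file.isBlank()) {
            return; // store not configured: leave the Kafka defaults alone
        }
        char[] pw = (password == null || password.isEmpty()) ? null : password.toCharArray();
        // Fail fast with a clear cause: KeyStore.getInstance(File, char[]) detects the
        // store type and throws IOException when the given password is incorrect.
        KeyStore store = KeyStore.getInstance(new File(file), pw);
        props.setProperty("ssl." + kind + ".location", file);
        if (pw != null) {
            // Optional by design: no password variable, no password property.
            props.setProperty("ssl." + kind + ".password", password);
        }
        // Log only non-secret facts, never the password itself.
        System.out.printf("%s: type=%s entries=%d password=%s%n",
                kind, store.getType(), store.size(), pw == null ? "absent" : "set");
    }

    // env is passed in so the method can be exercised with a constructed map.
    static Properties fromEnv(Map<String, String> env) throws Exception {
        Properties props = new Properties();
        applyStore(props, "truststore",
                env.get("KAFKA_TRUSTSTORE_FILE"), env.get("KAFKA_TRUSTSTORE_PASSWORD"));
        // KAFKA_KEYSTORE_FILE is an assumed variable name (not stated on this page).
        applyStore(props, "keystore",
                env.get("KAFKA_KEYSTORE_FILE"), env.get("KAFKA_KEYSTORE_PASSWORD"));
        return props;
    }

    public static void main(String[] args) throws Exception {
        Properties props = fromEnv(System.getenv());
        // Print property names only; values may contain secrets.
        System.out.println("SSL keys set: " + props.stringPropertyNames());
    }
}
```

Requires Java 11 or later. Run against the same mounted files and environment as the container to tell a wrong store password apart from a broker-side TLS problem.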

Collaborator

Bert-R commented Dec 12, 2024

I do not understand the objective of this PR. As mentioned in the README, you can use kafka.properties for configuration information "including key/truststore passwords".

What do you want to add to that?

Author

wkd-woo commented Dec 14, 2024

@Bert-R
As mentioned in the README, I have already tried specifying truststore.password in kafka.properties, but Kafdrop still couldn't connect to our TLS-enabled Kafka brokers. This issue persisted even though the kafka.properties file was correctly mounted as a volume.

Additionally, in the company I work for, security policies prohibit storing passwords in configuration files like properties. (Honestly, I find this requirement quite perplexing myself.) However, storing passwords in objects such as Kubernetes Secrets is allowed.

This is why I created this PR. I believe that passwords required for certificate access should also be managed as separate parameters.

Collaborator

Bert-R commented Dec 14, 2024

In that case, I suggest a much simpler implementation. We already support SSL_KEY_STORE_PASSWORD. If you search for that string, you'll find two occurrences:

If you copy these lines and adapt them for the trust store, you're all set.
