Kafka SSL credentials fields

Release version: Australia

Updated March 12, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of Kafka SSL Credentials Fields

This document outlines the fields included in the Kafka SSL credentials form, essential for establishing secure connections to Kafka servers. It provides details on required configurations for SSL and SASLSSL security protocols, ensuring customers can securely authenticate and connect their Kafka clients.

Show full answer Show less

Key Features

SSL Keystore: Contains the Base64 encoded content of the server's keystore file. Requires a password and keystore type, with Java KeyStore (JKS) as the default.
SSL Truststore: Optional field that, when enabled, requires a Base64 encoded truststore file and its associated password. Also defaults to Java KeyStore (JKS).
SASL Mechanism: Specifies the authentication mechanism for Kafka clients, defaulting to PLAIN.
User Credentials: Requires a username and password for SASL authentication, with passwords stored encrypted in the database.
Additional Kafka Properties: Allows for the inclusion of extra properties in a semicolon-separated format to customize client behavior.

Key Outcomes

By properly configuring the SSL and SASL fields, ServiceNow customers can ensure secure communication with Kafka. This setup not only protects sensitive data during transmission but also streamlines the authentication process for Kafka clients, enhancing overall system security and functionality.

Description of the fields on the Kafka SSL credentials form.

Table 1. SSL security protocol
FIeld	Description
SSL keystore	The content of an actual server.keystore.jks file, encoded as a Base64 string.
SSL keystore type	Format of the SSL keystore file. Default: Java KeyStore (JKS).
SSL keystore password	Password to the keystore, identical to the value of the ssl.keystore.password property in Apache Kafka.
SSL key password	Password, identical to the ssl.key.password property value in Apache Kafka.
Use SSL truststore	Option to use SSL truststore. When checked, an SSL truststore is mandatory.
SSL truststore	The content of an actual client.truststore.jks file, encoded as a Base64 string. This field appears only when Use SSL truststore is checked.
SSL truststore type	Format of the truststore file. Default: Java KeyStore (JKS). This field appears only when Use SSL truststore is checked.
SSL truststore password	Password to the truststore, identical to the value of the ssl.truststore.password property in Apache Kafka. This field appears only when Use SSL truststore is checked.
SSL provider	Name of the security provider used for SSL connections.
Disable hostname verification	Option to disable verification of the hostname.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1

Table 2. SASL_SSL security protocol
FIeld	Description
SASL Mechanism	The SASL authentication mechanism to be used by the Kafka client. Default: PLAIN.
Use SSL truststore	Option to use SSL truststore. When checked, an SSL truststore is mandatory.
SSL truststore	The content of an actual client.truststore.jks file, encoded as a Base64 string. This field appears only when Use SSL truststore is checked.
SSL truststore type	Format of the SSL truststore file. Default: Java KeyStore (JKS). This field appears only when Use SSL truststore is checked.
SSL truststore password	Password to the truststore, identical to the value of the ssl.truststore.password property in Apache Kafka. This field appears only when Use SSL truststore is checked.
SSL provider	Name of the security provider used for SSL connections.
Disable hostname verification	Option to disable verification of the hostname.
User name	The user name, if any, associated with this credential. Note: The specified user name is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>`
Password	The password associated with this credential. Note: The specified password is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>` The password you specify is invisible. It is stored in the database in encrypted form.
SASL JAAS config template	The JAAS configuration to be used by the Kafka client, with the placeholders $[username] for the username, and $[password] for the password.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1

Table 3. SASL_PLAINTEXT security protocol

SASL mechanism	The SASL authentication mechanism to be used by the Kafka client. Default: PLAIN.
Use SSL truststore	Option to use SSL truststore. When checked, an SSL truststore is mandatory.
User name	The user name, if any, associated with this credential. Note: The specified user name is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>`
Password	The password associated with this credential. Note: The specified password is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>` The password you specify is invisible. It is stored in the database in encrypted form.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1