Kafka SSL credentials fields

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Kafka SSL credentials fields

This documentation explains the fields used in the Kafka SSL credentials form within ServiceNow, relevant for the Yokohama release. It covers configurations for different Kafka security protocols: SSL, SASLSSL, and SASLPLAINTEXT. These settings enable secure Kafka connections by specifying keystore, truststore, authentication, and additional consumer properties.

Show full answer Show less

Kafka SSL Security Protocol Fields

SSL keystore: Base64-encoded content of the server keystore file (server.keystore.jks).
SSL keystore type: Format of the keystore file; defaults to Java KeyStore (JKS).
SSL keystore password: Password matching Kafka’s ssl.keystore.password property.
SSL key password: Password matching Kafka’s ssl.key.password property.
SSL truststore: Base64-encoded content of the client truststore file (client.truststore.jks).
SSL truststore type: Format of the truststore file; defaults to Java KeyStore (JKS).
SSL truststore password: Password matching Kafka’s ssl.truststore.password property.
SSL provider: Specifies the security provider for SSL connections.
Disable hostname verification: Option to turn off hostname verification during SSL handshake.
Additional Kafka consumer properties: Semicolon-separated string for extra Kafka consumer settings (e.g., ssl.protocol=TLSv1.2).

Kafka SASLSSL Security Protocol Fields

SSL truststore, truststore type, and truststore password: Same as SSL protocol fields for truststore configuration.
SSL provider and Disable hostname verification: Same as SSL protocol options.
User name and Password: Credentials used for SASL authentication passed to Kafka via JAAS PlainLoginModule; passwords are stored encrypted and invisible.
Additional Kafka consumer properties: Allows customization of Kafka consumer settings.

Kafka SASLPLAINTEXT Security Protocol Fields

User name and Password: Used for SASL authentication similar to SASLSSL, passed to Kafka via JAAS PlainLoginModule and stored securely.
Additional Kafka consumer properties: Supports additional configuration settings for Kafka consumer behavior.

Practical Use for ServiceNow Customers

By correctly filling these fields, ServiceNow customers can securely configure Kafka integration using SSL or SASL protocols to protect data in transit. The form ensures compatibility with Kafka’s expected security properties, enabling encrypted communication, authentication, and flexible consumer configuration. Passwords are securely encrypted in the database, enhancing credential safety.

Description of the fields on the Kafka SSL credentials form.

Table 1. SSL security protocol
FIeld	Description
SSL keystore	The content of an actual server.keystore.jks file, encoded as a Base64 string.
SSL keystore type	Format of the SSL keystore file. Default: Java KeyStore (JKS).
SSL keystore password	Password to the keystore, identical to the value of the ssl.keystore.password property in Apache Kafka.
SSL key password	Password, identical to the ssl.key.password property value in Apache Kafka.
SSL truststore	The content of an actual client.truststore.jks file, encoded as a Base64 string.
SSL truststore type	Format of the truststore file. Default: Java KeyStore (JKS).
SSL truststore password	Password to the truststore, identical to the value of the ssl.truststore.password property in Apache Kafka.
SSL provider	Name of the security provider used for SSL connections.
Disable hostname verification	Option to disable verification of the hostname.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1

Table 2. SASL_SSL security protocol
FIeld	Description
SSL truststore	The content of an actual client.truststore.jks file, encoded as a Base64 string.
SSL truststore type	Format of the SSL truststore file. Default: Java KeyStore (JKS).
SSL truststore password	Password to the truststore, identical to the value of the ssl.truststore.password property in Apache Kafka.
SSL provider	Name of the security provider used for SSL connections.
Disable hostname verification	Option to disable verification of the hostname.
User name	The user name, if any, associated with this credential. Note: The specified user name is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>`
Password	The password associated with this credential. Note: The specified password is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>` The password you specify is invisible. It is stored in the database in encrypted form.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1

Table 3. SASL_PLAINTEXT security protocol

User name	The user name, if any, associated with this credential. Note: The specified user name is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>`
Password	The password associated with this credential. Note: The specified password is used for SASL authentication using JAAS. The following JAAS configuration is passed to the Kafka Server: `org.apache.kafka.common.security.plain.PlainLoginModule required username=<user_name> password=<password>` The password you specify is invisible. It is stored in the database in encrypted form.
Additional Kafka consumer properties	Semicolon-separated string of additional Kafka consumer properties. For example: ssl.protocol=TLSv1.2;ssl.enabled.protocols=TLSv1.2,TLSv1.1