Hi All, I have a proposal to allow Kafka brokers to encrypt sensitive metadata information about delegation tokens.
As of now, delegation token metadata is stored in an unencrypted format in Zookeeper. Having the possibility to encrypt-then-MAC token information would be beneficial in Kafka installations where Zookeeper is not on a private network. Please take a look at https://cwiki.apache.org/confluence/display/KAFKA/KIP-395%3A+Encypt-then-MAC+Delegation+token+metadata and let me know what you think. - Attila
