[ https://issues.apache.org/jira/browse/KAFKA-13247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458023#comment-17458023 ]
Tigran Margaryan commented on KAFKA-13247:
------------------------------------------

Frankly speaking, I disagree here, as in that case you lose the pros which a keystore has. Imagine how many keystores the project would need when it contains multiple services and all of them are required to use mTLS connections. Maintaining all of these keystores can be a headache, while I believe it is an optimal solution/best practice to have one with all private keys inside. So far, I override the SslEngineFactory class in order to have that filtering logic in place, but ideally I would expect to see it in the upcoming Kafka release(s) :)

> Adding functionality for loading private key entry by alias from the keystore
> -----------------------------------------------------------------------------
>
>                 Key: KAFKA-13247
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13247
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Tigran Margaryan
>            Priority: Major
>              Labels: kip-required
>
> Hello team,
> While configuring SSL for Kafka connectivity, I found out that there is no
> possibility to choose/load the private key entry by alias from the keystore
> defined via
> org.apache.kafka.common.config.SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG. It
> turns out that the keystore could not have multiple private key entries.
> I kindly ask you to add that config (something like SSL_KEY_ALIAS_CONFIG) into
> SslConfigs with the corresponding functionality, which should load only the
> private key entry by the defined alias.
>
> Thanks in advance.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
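The alias filtering requested in this issue, as an added example that is not part of the original message, not Kafka code and not the commenter's SslEngineFactory override: it copies the single private key entry for the chosen alias into a fresh in-memory keystore, so the TLS key manager cannot present any other key from a shared keystore. It uses JDK classes only; the class and method names are hypothetical, and it assumes the store password and key password are the same.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper, JDK classes only; not Kafka code.
public final class AliasKeyStoreFilter {

    // Copy exactly one private key entry into a fresh in-memory keystore.
    static KeyStore onlyAlias(KeyStore source, String alias, char[] keyPassword)
            throws GeneralSecurityException, IOException {
        Key key = source.getKey(alias, keyPassword);   // null if alias is absent or not a key
        Certificate[] chain = source.getCertificateChain(alias);
        // Fail closed: never fall back to some other entry when the alias is wrong.
        if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
            throw new GeneralSecurityException("no private key entry under alias: " + alias);
        }
        KeyStore filtered = KeyStore.getInstance(KeyStore.getDefaultType());
        filtered.load(null, null);                     // initialise empty
        filtered.setKeyEntry(alias, key, keyPassword, chain);
        return filtered;
    }

    // Build a TLS context whose key manager can only ever present the filtered entry.
    static SSLContext contextFor(KeyStore filtered, char[] keyPassword)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(filtered, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);    // null = JDK default trust managers and RNG
        return ctx;
    }

    // Usage: java AliasKeyStoreFilter.java <keystore file> <password> <alias>
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();       // assumption: store and key share one password
        KeyStore all = KeyStore.getInstance(new File(args[0]), password);
        KeyStore one = onlyAlias(all, args[2], password);
        contextFor(one, password);
        System.out.println(all.size() + " entries in file, " + one.size() + " usable for TLS");
    }
}
```

Throwing on an unknown alias, rather than letting the default key manager choose among the remaining entries, keeps a mistyped alias from silently presenting another service's certificate.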