Hi Thomas,
We recently fixed a bug, 
https://issues.apache.org/jira/browse/KAFKA-8191 , which allows users to 
configure their own KeyManager and TrustManager. One can implement these 
KeyManagers and pass them as configs, and these KeyManagers can make a call to 
a service to fetch a certificate to enable TLS. JKS stores are for doing it 
manually. You can check out https://github.com/spiffe/java-spiffe , which talks 
to the SPIFFE agent to get a certificate and pass it to Kafka's SSL context.

Thanks,
Harsha

On Thu, May 16, 2019, at 3:57 PM, Zhou, Thomas wrote:
> Hi,
> 
> I have a question about the TLS config on the Kafka client side. Based on 
> the official document, if clients want to enable TLS, they must put 
> ssl.truststore.location in the client config, where there is a JKS 
> file to hold the trust store. My question is: is this config 
> mandatory? Is there a possibility that we get truststore.jks from a 
> service and store it in memory so we don’t have to maintain a file on 
> the client side?
> 
> Thanks,
> Thomas
>
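
An added example, not part of the thread and not Kafka or java-spiffe code: a JSSE security provider whose TrustManagerFactory builds its trust anchors from a PEM bundle held in memory, so no JKS file is needed on the client. The names `InMemoryTrustProvider`, `InMemoryPEM` and `caBundlePem` are hypothetical, and the wiring in the comments (registering the provider, then naming the algorithm in `ssl.trustmanager.algorithm` with no `ssl.truststore.location`) is an assumption about how a client build containing the KAFKA-8191 fix would select it.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.function.Supplier;
import javax.net.ssl.*;

// Assumed wiring: Security.addProvider(new InMemoryTrustProvider());
// then set ssl.trustmanager.algorithm=InMemoryPEM in the client config.
public final class InMemoryTrustProvider extends Provider {
    // Set by the application to a call that fetches the PEM CA bundle from its service.
    public static volatile Supplier<byte[]> caBundlePem = () -> new byte[0];

    public InMemoryTrustProvider() {
        super("InMemoryTrust", 1.0, "Trust anchors held in memory only");
        put("TrustManagerFactory.InMemoryPEM", Factory.class.getName());
    }

    public static final class Factory extends TrustManagerFactorySpi {
        private TrustManager[] managers;

        @Override protected void engineInit(KeyStore ignored) throws KeyStoreException {
            try {
                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                ks.load(null, null); // empty store, never backed by a file
                int n = 0;
                for (Certificate c : CertificateFactory.getInstance("X.509")
                        .generateCertificates(new ByteArrayInputStream(caBundlePem.get()))) {
                    ks.setCertificateEntry("ca-" + n++, c);
                }
                // Fail closed at init time rather than at handshake time.
                if (n == 0) throw new KeyStoreException("CA bundle contained no certificates");
                TrustManagerFactory pkix = TrustManagerFactory.getInstance("PKIX");
                pkix.init(ks); // standard path validation over the in-memory anchors
                managers = pkix.getTrustManagers();
            } catch (Exception e) {
                throw new KeyStoreException("could not build in-memory trust store", e);
            }
        }

        @Override protected void engineInit(ManagerFactoryParameters p)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("only in-memory PEM anchors are supported");
        }

        @Override protected TrustManager[] engineGetTrustManagers() {
            if (managers == null) throw new IllegalStateException("init() was not called");
            return managers.clone();
        }
    }
}
```

The factory delegates certificate path validation to the JDK's PKIX trust manager, so only the source of the trust anchors changes, not how server certificates are checked.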
