Hi Thomas,
We recently fixed a bug
https://issues.apache.org/jira/browse/KAFKA-8191 , which allows users to
configure their own KeyManager, TrustManager. One can implement these
KeyManagers and pass them as configs and these Keymanagers can make a call to
service to fetch a certificate to enable TLS. JKS stores are for doing it
manually. You can check out https://github.com/spiffe/java-spiffe which talks
spiffee agent to get a certificate and pass it to Kafka's SSL context.
Thanks,
Harsha
On Thu, May 16, 2019, at 3:57 PM, Zhou, Thomas wrote:
> Hi,
>
> I have a question about how TLS config at Kafka client side. Based on
> the official document, if clients want to enable TLS, they must put
> ssl.truststore.location in the client config in where there is a JKS
> file to hold the trust store. My question is that is this config
> mandatory? Is there a possibility that we get truststore.jks from a
> service and store in memory so we don’t have to maintain a file in
> client side.
>
> Thanks,
> Thomas
>
