Currently, to use a custom keystore with the JVM Kafka consumer/producer API, you need to have your keystore file on disk and configure it with an absolute file path like this:
Properties kafkaProperties = new Properties(); kafkaProperties.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL"); kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PKCS12"); kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "/tmp/ca.p12"); kafkaProperties.setProperty(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, kafkaTrustStorePassword); kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "PKCS12"); kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "/tmp/user.p12"); kafkaProperties.setProperty(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, kafkaKeyStorePassword); However, I'm running in an environment where I don't have reliable access to the local file system. Specifically, I'm writing Java-based Flink applications that run on Aamazon's Kinesis Analytics environment. The official Kinesis Analytics docs recommend you configure your keystores as classpath resources in your Flink .jar application, and at runtime, you copy the keystores to the /tmp directory: https://docs.aws.amazon.com/kinesisanalytics/latest/java/example-keystore.html However this strategy is intermittently working/failing. It would be helpful if the Kafka JVM API supported configuring keystores directly via a classpath resource. Thanks!