Hi Men,
The config provider mechanism should work for every property in a connector
config, and every property in a worker config except for the plugin.path
property (see KAFKA-9845 [1]). You can also use it for only part of a
single property, or even multiple parts, like in this example (assuming a
config provider named "file"):
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
required username="${file:/some/file.properties:username}"
password="${file:/some/file.properties:password}"
What sorts of errors are you seeing when trying to use a config provider
with sasl/scram credentials?
[1] - https://issues.apache.org/jira/browse/KAFKA-9845
Cheers,
Chris
On Mon, Mar 7, 2022 at 10:35 AM Men Lim <zulu...@gmail.com> wrote:
> Hi all,
>
> recently, I found out about
>
> config.providers=file
>
>
> config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
>
> This works great to remove our embedded database password into an external
> file. However, it does not work when I tried to do the same thing with the
> sasl/scram username and password found in the distributor or connector file
> for kafka connect:
>
> sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> required \
> username="000" password="some_password";
>
> I was wondering if there's a way to secure these passwords as well?
>
> Thanks,
>
