Skip to content
Kafka Is FunProgress

Lesson 3 of 5

Security: Authentication & Authorization

Kafka supports SASL (PLAIN, SCRAM-SHA-256, GSSAPI/Kerberos, OAUTHBEARER) for authentication and TLS for encryption in transit. Kafka ACLs (via kafka-acls.sh) control which principals can produce/consume which topics. Role-based access control is managed through Confluent RBAC or external systems. Always encrypt in transit with TLS and authenticate with at minimum SASL/SCRAM in production.

Key configuration

broker / client configurationproperties
# Client SSL config:
ssl.truststore.location=/certs/kafka.truststore.jks
ssl.keystore.location=/certs/kafka.keystore.jks
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-256

Try it in the simulator

Guided scenarios for this module — the simulator opens with the exercise already running.