Client authentication

Sumit Rawal answered on June 21, 2023 Popularity 4/10 Helpfulness 1/10

Contents


More Related Answers

  • authorization authentication
  • Authentication#
  • redwood authentication
  • OAuthClientConfig
  • What do you mean by basic authentication?
  • Client authorisation
  • Authentication check#
  • Authentication
  • which authentication you used
  • api authentication
  • api authentication

  • Client authentication

    0

    Vault currently only supports client authentication using mutual TLS and SASL-SCRAM.

    For each Vault service that communicates with Kafka, this requires either:

    mTLS: Client certificates to be signed by a CA with a chain of trust to a CA whose certificate is stored in Kafka's truststore. Clients may provide Intermediate CA certificates in their certificate list to establish this chain of trust. To learn more, see Configuring mutual TLS.

    SASL-SCRAM: Client credentials, consisting of a username and password. To learn more, see Configuring SASL-SCRAM.

    SASL-OAUTHBEARER: Client credentials, consisting of client ID and secret. To learn more, see Configuring SASL-OAUTHBEARER.

    You must ensure that these client certificates or credentials are placed in HashiCorp Vault, in order for Vault services to use them. The Vault Installer supports the automatic generation of client certificates and credentials from a CA certificate and private key placed in HashiCorp Vault.

    From Vault 4.0 onwards, the Vault Installer supports the automatic creation of Kafka ACLs (Access Control Lists), and deletion of ACLs that are no longer required. This is optional, which means you will need to enable this automatic option to use it.

    From Vault 4.4 onwards, the release.json release artifact can be used to aid with manually generating client certificates, SCRAM or OAUTHBEARER credentials. It includes the content of the kafka_principals_info.json artifact (Vault 3.0 onwards), detailing which HashiCorp Vault KV engine secret paths to store them at, along with what keys are expected in the secret at that path. This release artifact is documented in the Vault installation guide.

    Popularity 4/10 Helpfulness 1/10 Language whatever
    Source: Grepper
    Link to this answer
    Share Copy Link
    Contributed on Jun 21 2023
    Sumit Rawal
    0 Answers  Avg Quality 2/10


    X

    Continue with Google

    By continuing, I agree that I have read and agree to Greppers's Terms of Service and Privacy Policy.
    X
    Grepper Account Login Required

    Oops, You will need to install Grepper and log-in to perform this action.