Configuring security credentials for connecting to Kafka

Use the mqsisetdbparms command to associate security credentials with a connection to a Kafka cluster, and configure the KafkaProducer and KafkaConsumer nodes to authenticate using the required user ID and password.

Before you begin

Read the following topics:

About this task

Before you can connect to a Kafka cluster that requires authentication with a user ID and password, you must use the mqsisetdbparms command to configure the credentials that the KafkaProducer and KafkaConsumer nodes will use to authenticate to the Kafka cluster.

All Kafka nodes that are deployed to the same integration server must use the same set of credentials to authenticate to the Kafka cluster. To save the credentials that the Kafka nodes will use to connect to the Kafka cluster, you use the mqsisetdbparms command to configure the resource name in the form kafka::KAFKA::integrationServerName.

To configure the KafkaProducer or KafkaConsumer node to authenticate using the user ID and password, you set the Security protocol property on the node to either SASL_PLAINTEXT or SASL_SSL.

If you are using the IBM Event Streams service on IBM Cloud, the Security protocol property on the Kafka node must be set to SASL_SSL. For more information about configuring the security credentials for connecting to Event Streams, see Using Kafka nodes with IBM Event Streams.

Procedure

Follow these steps to configure a connection to a secured Kafka cluster:

  1. Use the mqsisetdbparms command to associate a user name and password with a connection to a Kafka cluster.
    You can specify the security credentials by setting the following parameters:
    -n kafka::KAFKA::integrationServerName
    The name of the security identity that is used to authenticate a connection to a Kafka cluster.
    -u UserId
    The user ID to be used for connecting to the Kafka cluster.
    -p Password
    The password to be used for connecting to the Kafka cluster.
    The following example shows how to specify a user ID and password:
    mqsisetdbparms integrationNodeName -n kafka::KAFKA::integrationServerName -u myUsername -p myPassword

    For more information about associating security credentials with resources, see mqsisetdbparms command.

  2. In your message flow, set the Security protocol property on the KafkaProducer and KafkaConsumer nodes to either SASL_PLAINTEXT or SASL_SSL.
    If you are using the Event Streams service on IBM Cloud, the Security protocol property must be set to SASL_SSL.

What to do next

You can use the mqsireportdbparms command to show information about the credentials that are being used for connecting to a Kafka cluster. For more information about the security credentials that have been set on the integration node, see mqsireportdbparms command.