The [[ https://github.com/wikimedia/puppet/blob/production/modules/cassandra/files/cassandra-ca-manager | cassandra-ca-manager ]] exists to ease generation and distribution of Java keystore files to enable encryption between Cassandra clients and cluster nodes. However, this script doesn't have anything Cassandra-specific in it, and could be reused to enable encryption for Kafka traffic.
puppet_ecdsacert.rb exists to help with signing certificates using our Puppet CA infrastructure, but does not include tooling for managing and declaring many certificates. create_ecdsa_cert helps a bit, but only works for generating one certificate at a time. puppet_ecdsacert.rb only generates .pem format certificate files, and both Kafka and Cassandra need Java keystores.
We should have a generic way of managing certificates that will work for both of these use cases, and hopefully future ones.
I plan to adapt Eric's cassandra-ca-manager, but make it generic and extensible, so that it works with more CAs than just self-signing ones.