Page MenuHomePhabricator

Add Authentication/Encryption to Kafka Jumbo's clients
Open, Stalled, HighPublic


Tracking task to list all the work to do to add encryption/authentication to Kafka Jumbo clients. The motivations are multiple:

  • PII data in transit from various links should be encrypted. Cross-DC links are especially problematic since we consider them not trusted.
  • Consumers should trust a Kafka topic broker using TLS, to avoid any man of the middle attack.
  • Consumers of PII data should be authenticated via TLS or SASL/GSS-API/Kerberos (the latter seems the best option).

Event Timeline

elukey triaged this task as High priority.Apr 14 2020, 10:51 AM
elukey created this task.
elukey added a parent task: Restricted Task.
Ottomata renamed this task from Add Authentication/Encryption to Kafka Jumbo's consumer to Add Authentication/Encryption to Kafka Jumbo's clients.Apr 14 2020, 1:12 PM
Ottomata updated the task description. (Show Details)
elukey changed the task status from Open to Stalled.May 18 2020, 4:17 PM

Status update: we added encryption to various Kafka Jumbo clients (netflow, eventgate-analytics, kafkatee, mirror-maker, etc..) but we are still not able to move forward with authentication due to T250148 (complex task that will probably mean to replace Camus for data ingestion from Kafka to HDFS).

Nuria closed subtask Restricted Task as Resolved.Sep 28 2020, 5:42 PM
elukey removed elukey as the assignee of this task.Jun 1 2021, 8:08 AM