Aiven Kafka now supports SASL authentication

Aiven Kafka users can now enable SASL authentication between their applications and Aiven Kafka; find out more about it in this post.

24 June 2019
John Hammink
John Hammink RSS Feed
Developer Advocate at Aiven

Aiven Kafka now supports SASL as a complementary authentication method between your Kafka-powered applications and your Kafka endpoint. This gives you the option to replace your access key and access certificate with a username and password that you specify.

Note that with SASL enabled, you'll still require a CA (certificate authority) certificate to connect your producers and consumers to your Aiven Kafka endpoint.

SASL stands for Simple Authentication and Security Layer and is a popular authentication framework already used widely across many established internet protocols, including AMQP, IMAP, IRC, and memcached.

Aiven Kafka supports the following SASL mechanisms:

  • SASL Plain: a basic, cleartext password handler based on RFC 4616;
  • SCRAM (or Salted Challenge Response Authentication Mechanism): a more complex challenge-response authentication method.

How SASL works

To turn on SASL support, just enable the kafka_authentication_methods.sasl setting within your advanced configuration settings.

jpg showing how to enable SASL

You can then configure your producers and consumers to use SASL authentication to your endpoint accordingly.

jpg showing SASL auth settings

Wrapping up

You now have two options — Client Certificate or SASL — for connecting your Kafka producers and consumers to your Aiven Kafka endpoint. We’ll always be adding more options, so stay up to date from our blog, changelog RSS feeds, or follow us on Twitter or LinkedIn.


Let‘s connect

Aiven for Apache Kafka, Aiven for Apache Kafka Connect, Aiven for Apache Kafka MirrorMaker 2, Aiven for M3, Aiven for M3 Aggregator, Aiven for Apache Cassandra, Aiven for OpenSearch, Aiven for PostgreSQL, Aiven for MySQL, Aiven for Redis, Aiven for InfluxDB, Aiven for Grafana are trademarks and property of their respective owners. All product and service names used in this website are for identification purposes only and do not imply endorsement.