Aiven Kafka now supports SASL as a complementary authentication method between your Kafka-powered applications and your Kafka endpoint. This gives you the option to replace your access key and access certificate with a username and password that you specify.
Note that with SASL enabled, you'll still require a CA (certificate authority) certificate to connect your producers and consumers to your Aiven Kafka endpoint.
SASL stands for Simple Authentication and Security Layer and is a popular authentication framework already used widely across many established internet protocols, including AMQP, IMAP, IRC, and memcached.
Aiven Kafka supports the following SASL mechanisms:
- SASL Plain: a basic, cleartext password handler based on RFC 4616;
- SCRAM (or Salted Challenge Response Authentication Mechanism): a more complex challenge-response authentication method.
How SASL works
To turn on SASL support, just enable the
kafka_authentication_methods.sasl setting within your advanced configuration settings.
You can then configure your producers and consumers to use SASL authentication to your endpoint accordingly.
You now have two options — Client Certificate or SASL — for connecting your Kafka producers and consumers to your Aiven Kafka endpoint. We’ll always be adding more options, so stay up to date from our blog, changelog RSS feeds, or follow us on Twitter or LinkedIn.
Sep 7, 2022
The best Redis® ever - version 7.0 - is now available on the Aiven platform.
Jun 10, 2021
Is Apache Kafka® a database? Can I throw out my Postgres and use Kafka instead? Is Kafka the new Swiss Army Knife of data? Find out what the debate is about.
Nov 22, 2022
Streaming, batch, caching, archiving, encryption - data management can seem very complex. Read on for an ice-cream store metaphor that explains the options.
Subscribe to the Aiven newsletter
All things open source, plus our product updates and news in a monthly newsletter.