Skip to main content

Use Kpow with Aiven for Apache Kafka®

Kpow by Factor House is a popular Web UI for Apache Kafka® that allows you to monitor a cluster, view topics and consumer groups, produce and consume data with integration into the Schema Registry.


To connect Kpow to Aiven for Apache Kafka® you need to create a Java keystore and truststore containing the service SSL certificates.

Kpow uses a set of Apache Kafka topics to store the working information. You can either create the topics manually or enable the automatic creation of topics for the Aiven for Apache Kafka service.

Furthermore, you need to collect the following information for Apache Kafka and Kpow:


If you create a Kpow trial, you should receive all the KPOW related parameters in the welcome email, scrolling down to the relevant Certificates section.

  • APACHE_KAFKA_HOST: The Aiven for Apache Kafka hostname
  • APACHE_KAFKA_PORT: The Aiven for Apache Kafka port
  • KEYSTORE_FILE_NAME: The name of the Java keystore containing the Aiven for Apache Kafka SSL certificates
  • SSL_KEYSTORE_PASSWORD: The password used to secure the Java keystore
  • SSL_KEY_PASSWORD: The password used to secure the Java key. If you created the keystore using the instructions above, then this will be the same as the Java keystore password
  • SSL_TRUSTSTORE_LOCATION: The password used to secure the Java truststore
  • SSL_TRUSTSTORE_PASSWORD: The password used to secure the Java truststore
  • SSL_STORE_FOLDER: The absolute path of the folder containing both the truststore and keystore
  • KPOW_LICENSE_ID: Kpow license ID
  • KPOW_LICENSE_CODE: Kpow license code
  • KPOW_LICENSEE: Kpow licensee
  • KPOW_LICENSE_EXPIRY_DATE: Kpow license expiry date
  • KPOW_LICENSE_SIGNATURE: Kpow license signature

Retrieve Aiven for Apache Kafka® SSL certificate files

Aiven for Apache Kafka® by default enables TLS security. Downloaded the certificates from the service overview page in the Aiven console, or via the dedicated Aiven CLI command.

Set up a Kpow configuration file

Kpow supports both SASL and SSL authentication methods. The following example shows the SSL version which requires a keystore and truststore that can be created following the dedicated documentation.

Once the keystore and truststore are created, define a Kpow configuration file named kpow.env with the following content, replacing the APACHE_KAFKA_HOST, APACHE_KAFKA_PORT, KPOW_LICENSE_ID, KPOW_LICENSE_CODE, KPOW_LICENSEE, KPOW_LICENSE_EXPIRY_DATE, KPOW_LICENSE_SIGNATURE, SSL_KEYSTORE_FILE_NAME, SSL_KEYSTORE_PASSWORD, SSL_KEY_PASSWORD, SSL_TRUSTSTORE_FILE_NAME and SSL_TRUSTSTORE_PASSWORD with the the respective values taken from the prerequisites section:


don't remove the /ssl/ prefix before the keystore and truststore setting, the SSL_STORE_FOLDER local folder containing the keystore and truststore will be mapped to the /ssl/ folder during the docker instance creation.

The full list of configuration parameters is available at the dedicated Kpow page.

Run Kpow on Docker

You can run Kpow in a Docker/Podman container with the following command, by replacing the SSL_STORE_FOLDER with the name of the folder containing the Java keystore and truststore:

docker run -p 3000:3000 -m2G \
--env-file ./kpow.env factorhouse/kpow-ee:latest

Use Kpow

Once Kpow starts, access the interface at localhost:3000.

Kpow in action

You can perform the following tasks with Kpow over an Aiven for Apache Kafka® service:

  • View and search topics
  • Create and delete topics
  • View brokers
  • Produce and consume messages