This session will quickly show you how to describe the security configuration of your Kafka cluster in an AsyncAPI document. And if you've been given an AsyncAPI document, this session will show you how to use that to configure a Kafka client or application to connect to the cluster, using the details in the AsyncAPI spec.

1. Describing Kafka security in AsyncAPI
Dale Lane, IBM

2. 1. encryption
2. authentication

5. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
no encryption

6. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
no encryption

7. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
no encryption
encryption

8. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
no encryption
encryption

9. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
no encryption
encryption

11. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
no authentication

12. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: <kafkaAuthType>
authentication

13. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: <kafkaAuthType>
authentication

14. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: <kafkaAuthType>
authentication
AsyncAPI
security scheme types
plain
scramSha256
scramSha512
oauth2
gssapi
X509

15. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: plain
authentication
AsyncAPI
security scheme types
plain
scramSha256
scramSha512
oauth2
gssapi
X509

16. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha256
authentication
AsyncAPI
security scheme types
plain
scramSha256
scramSha512
oauth2
gssapi
X509

17. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha512
authentication
AsyncAPI
security scheme types
plain
scramSha256
scramSha512
oauth2
gssapi
X509

20. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
Properties
Java

21. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka Properties
Java

22. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security.protocol:
PLAINTEXT
Properties
Java

23. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
Properties props = new Properties();
props.put(
CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG,
"mycluster.org:8092");
props.put(
CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,
"PLAINTEXT");
security.protocol:
PLAINTEXT
Properties
Java

24. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha256
Properties
Java

25. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha256
security.protocol:
SASL_PLAINTEXT
sasl.mechanism:
SCRAM-SHA-256
Properties
Java

26. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha256
Properties props = new Properties();
props.put(
CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG,
"mycluster.org:8092");
props.put(
CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,
"SASL_PLAINTEXT");
props.put(
SaslConfigs.SASL_MECHANISM,
"SCRAM-SHA-256");
security.protocol:
SASL_PLAINTEXT
sasl.mechanism:
SCRAM-SHA-256
Properties
Java

27. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha512
Properties
Java

28. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha512
security.protocol:
SASL_SSL
sasl.mechanism:
SCRAM-SHA-512
Properties
Java

29. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka-secure
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: scramSha512
Properties props = new Properties();
props.put(
CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG,
"mycluster.org:8092");
props.put(
CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,
"SASL_SSL");
props.put(
SaslConfigs.SASL_MECHANISM,
"SCRAM-SHA-512");
security.protocol:
SASL_SSL
sasl.mechanism:
SCRAM-SHA-512
Properties
Java

30. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: plain
Properties
Java

31. asyncapi: 2.2.0
info:
title: My Kafka topic
version: 1.0.0
servers:
demo:
url: mycluster.org:8092
protocol: kafka
security:
- mysecurity
components:
securitySchemes:
mysecurity:
type: plain
Properties props = new Properties();
props.put(
CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG,
"mycluster.org:8092");
props.put(
CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,
"SASL_PLAINTEXT");
props.put(
SaslConfigs.SASL_MECHANISM,
"PLAIN");
security.protocol:
SASL_PLAINTEXT
sasl.mechanism:
PLAIN
Properties
Java

32. AsyncAPI
server protocol
AsyncAPI
security scheme type
Kafka
sasl.mechanism
Kafka
security.protocol
kafka PLAINTEXT
kafka plain SASL_PLAINTEXT PLAIN
kafka scramSha256 SASL_PLAINTEXT SCRAM-SHA-256
kafka scramSha512 SASL_PLAINTEXT SCRAM-SHA-512
kafka oauth2 SASL_PLAINTEXT OAUTHBEARER
kafka gssapi SASL_PLAINTEXT GSSAPI
kafka-secure SSL
kafka-secure plain SASL_SSL PLAIN
kafka-secure scramSha256 SASL_SSL SCRAM-SHA-256
kafka-secure scramSha512 SASL_SSL SCRAM-SHA-512
kafka-secure oauth2 SASL_SSL OAUTHBEARER
kafka-secure gssapi SASL_SSL GSSAPI
kafka-secure X509 SSL

33. Tools that understand this:
• AsyncAPI generator
• @asyncapi/markdown-template
• https://github.com/asyncapi/markdown-template
• @asyncapi/html-template
• https://github.com/asyncapi/asyncapi-react
• @asyncapi/java-spring-template
• https://github.com/asyncapi/java-spring-template
• @asyncapi/java-template
• https://github.com/IBM-messaging/mq-asyncapi-java-template
• Node-RED AsyncAPI plugin
• https://github.com/dalelane/node-red-contrib-plugin-asyncapi

34. Describing Kafka security in AsyncAPI
Dale Lane, IBM