We're Moving!

The Vertica Forum is moving to a new OpenText Analytics Database (Vertica) Community.

Join us there to post discussion topics, learn about

product releases, share tips, access the blog, and much more.

Create My New Community Account Now


9.3.1. Kafka scheduler and SASL_PLAINTEXT credentials — Vertica Forum

9.3.1. Kafka scheduler and SASL_PLAINTEXT credentials

LauriPessiLauriPessi Vertica Customer
in General Discussion

Is there a preferred approach for passing SASL_PLAINTEXT username & password to vkconfig?

Documentation suggests setting sasl.username and sasl.password to rdkafka via kafka_conf -parameter, but these expose the credentials to logs as cleartext with COPY commands generated by the scheduler.

Tagged:

Best Answers

  • SergeBSergeB - Select Field - Employee
    Answer ✓

    That's the only mechanism to pass these parameters at the moment. I will log an enhancement request to obfuscate the password in the logs (as is done for other sensitive parameters.

  • SergeBSergeB - Select Field - Employee
    Answer ✓

    This has been addressed in 12.0.4, there is now an extra parameter called kafka_conf_secret where you can put sensitive configuration options such as sasl.password. see: https://docs.vertica.com/12.0.x/en/new-features/12.0.4/kafka-integration/

Answers

  • LauriPessiLauriPessi Vertica Customer

    We're now 2 major versions (v11.1.1-11) ahead of this discussion, the format of kafka_conf has changed to json but sasl.password passed with kafka_conf still seems to end up on query_requests and vertica.log as is?

  • LauriPessiLauriPessi Vertica Customer

    Thanks, seems that we're due for an version upgrade.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file
Home General DiscussionComment As ...