The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.
Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

9.3.1. Kafka scheduler and SASL_PLAINTEXT credentials

LauriPessiLauriPessi Vertica Customer

Is there a preferred approach for passing SASL_PLAINTEXT username & password to vkconfig?

Documentation suggests setting sasl.username and sasl.password to rdkafka via kafka_conf -parameter, but these expose the credentials to logs as cleartext with COPY commands generated by the scheduler.

Best Answers

  • SergeBSergeB - Select Field - Employee
    Answer ✓

    That's the only mechanism to pass these parameters at the moment. I will log an enhancement request to obfuscate the password in the logs (as is done for other sensitive parameters.

  • SergeBSergeB - Select Field - Employee
    Answer ✓

    This has been addressed in 12.0.4, there is now an extra parameter called kafka_conf_secret where you can put sensitive configuration options such as sasl.password. see:


  • LauriPessiLauriPessi Vertica Customer

    We're now 2 major versions (v11.1.1-11) ahead of this discussion, the format of kafka_conf has changed to json but sasl.password passed with kafka_conf still seems to end up on query_requests and vertica.log as is?

  • LauriPessiLauriPessi Vertica Customer

    Thanks, seems that we're due for an version upgrade.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file