Abstract:
Apache Kafka offers several security features ranging from authentication and authorisation mechanisms to over-the-wire encryption. This notwithstanding, data encryption performed at the client-side, which leads to explicit data-at-rest protection in topics at the broker's side, can still be considered a blind spot.
After highlighting the main benefits for data-at-rest protection, this session discusses in-depth how to selectively encrypt and decrypt sensitive payload fields in the context of Apache Kafka Connect pipelines. In particular, an ecosystem community project with codename Kryptonite - written and open-sourced by the speaker earlier this year - is introduced.
During this demo-driven talk, you will learn how to benefit from a configurable single message transformation that lets you perform encryption and decryption operations in Kafka Connect worker nodes without any custom code. Client-side cryptography makes your integration scenarios more secure by safeguarding the most sensitive and precious data against any form of uncontrolled or illegal access once it hits the Apache Kafka brokers.
Code:
- Kryptonite for Kafka Project: https://github.com/hpgrahsl/kryptonite-for-kafka
- Demo Scenarios: https://github.com/hpgrahsl/ks22-ldn-k4k-demo
hpgrahsl
squer
khmer495
jmatsu
konokenj
ledsun
honma12345
torounit
77web
satoshi7190
rinchsan
gotok365
yuzuy
zenorocha
danielanewman
jlugia
zakiwarfel
jacobian
tanoku
garrettdimon
mojombo
marcelosomers
nonsquared
sferik
chrislema