Hi Men,
That config snippet has a small syntax error: all double quotes should be
escaped. Assuming you tried something like this:
"database.history.producer.sasl.jaas.config":
"org.apache.kafka.common.security.scram.ScramLoginModule required
username=\"${file:/path/file.pro:user\"} password=\"${file:/path/file.pro
:password}\";"
and still ran into issues, we'd probably need to see log files or, at the
very least, the stack trace for the task from the REST API (if it failed at
all) in order to follow up and provide more help.
Cheers,
Chris
On Mon, Mar 7, 2022 at 3:26 PM Men Lim <zulu...@gmail.com> wrote:
> Hi Chris,
> I was getting an unauthorized/authentication error message when I was
> trying it out last Friday. I tried looking for the exact message in the
> connect.log.* files but was not very successful. In my connector file, I
> have
>
> {
> "name":"blah",
> "config": {
> ...
> ...
> "database.history.producer.sasl.jaas.config":
> "org.apache.kafka.common.security.scram.ScramLoginModule required
> username=\"000\" password=\"000000\";",
> ...
> }
> }
>
> I changed the database.history.producer.sasl.jaas.config to:
>
> "database.history.producer.sasl.jaas.config":
> "org.apache.kafka.common.security.scram.ScramLoginModule required
> username="${file:/path/file.pro:user"} password="${file:/path/file.pro:
> password}";",
>
> On Mon, Mar 7, 2022 at 9:46 AM Chris Egerton <fearthecel...@gmail.com>
> wrote:
>
> > Hi Men,
> >
> > The config provider mechanism should work for every property in a
> connector
> > config, and every property in a worker config except for the plugin.path
> > property (see KAFKA-9845 [1]). You can also use it for only part of a
> > single property, or even multiple parts, like in this example (assuming a
> > config provider named "file"):
> >
> > sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > required username="${file:/some/file.properties:username}"
> > password="${file:/some/file.properties:password}"
> >
> > What sorts of errors are you seeing when trying to use a config provider
> > with sasl/scram credentials?
> >
> > [1] - https://issues.apache.org/jira/browse/KAFKA-9845
> >
> > Cheers,
> >
> > Chris
> >
> > On Mon, Mar 7, 2022 at 10:35 AM Men Lim <zulu...@gmail.com> wrote:
> >
> > > Hi all,
> > >
> > > recently, I found out about
> > >
> > > config.providers=file
> > >
> > >
> > >
> >
> config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
> > >
> > > This works great to remove our embedded database password into an
> > external
> > > file. However, it does not work when I tried to do the same thing with
> > the
> > > sasl/scram username and password found in the distributor or connector
> > file
> > > for kafka connect:
> > >
> > >
> sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > > required \
> > > username="000" password="some_password";
> > >
> > > I was wondering if there's a way to secure these passwords as well?
> > >
> > > Thanks,
> > >
> >
>
