Thanks for the response Chris. I went thru the setup again and it appeared
I might have had a typo somewhere last friday. Currently, I'm running into
a file permission issue.
the file has the following permissions:
-rw-r--r-- 1 adm admn 88 Mar 7 21:23 connector_credentials.properties
I have tried changing the pwd to 700 but still the same error:
Unable to connect: Access denied for user
'${file:/app/data/cred/connector_credentials.prop'@'172.x.x.x' (using
password: YES)
On Mon, Mar 7, 2022 at 1:55 PM Chris Egerton <fearthecel...@gmail.com>
wrote:
> Hi Men,
>
> That config snippet has a small syntax error: all double quotes should be
> escaped. Assuming you tried something like this:
>
> "database.history.producer.sasl.jaas.config":
> "org.apache.kafka.common.security.scram.ScramLoginModule required
> username=\"${file:/path/file.pro:user\"} password=\"${file:/path/file.pro
> :password}\";"
>
> and still ran into issues, we'd probably need to see log files or, at the
> very least, the stack trace for the task from the REST API (if it failed at
> all) in order to follow up and provide more help.
>
> Cheers,
>
> Chris
>
> On Mon, Mar 7, 2022 at 3:26 PM Men Lim <zulu...@gmail.com> wrote:
>
> > Hi Chris,
> > I was getting an unauthorized/authentication error message when I was
> > trying it out last Friday. I tried looking for the exact message in the
> > connect.log.* files but was not very successful. In my connector file, I
> > have
> >
> > {
> > "name":"blah",
> > "config": {
> > ...
> > ...
> > "database.history.producer.sasl.jaas.config":
> > "org.apache.kafka.common.security.scram.ScramLoginModule required
> > username=\"000\" password=\"000000\";",
> > ...
> > }
> > }
> >
> > I changed the database.history.producer.sasl.jaas.config to:
> >
> > "database.history.producer.sasl.jaas.config":
> > "org.apache.kafka.common.security.scram.ScramLoginModule required
> > username="${file:/path/file.pro:user"} password="${file:/path/file.pro:
> > password}";",
> >
> > On Mon, Mar 7, 2022 at 9:46 AM Chris Egerton <fearthecel...@gmail.com>
> > wrote:
> >
> > > Hi Men,
> > >
> > > The config provider mechanism should work for every property in a
> > connector
> > > config, and every property in a worker config except for the
> plugin.path
> > > property (see KAFKA-9845 [1]). You can also use it for only part of a
> > > single property, or even multiple parts, like in this example
> (assuming a
> > > config provider named "file"):
> > >
> > >
> sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > > required username="${file:/some/file.properties:username}"
> > > password="${file:/some/file.properties:password}"
> > >
> > > What sorts of errors are you seeing when trying to use a config
> provider
> > > with sasl/scram credentials?
> > >
> > > [1] - https://issues.apache.org/jira/browse/KAFKA-9845
> > >
> > > Cheers,
> > >
> > > Chris
> > >
> > > On Mon, Mar 7, 2022 at 10:35 AM Men Lim <zulu...@gmail.com> wrote:
> > >
> > > > Hi all,
> > > >
> > > > recently, I found out about
> > > >
> > > > config.providers=file
> > > >
> > > >
> > > >
> > >
> >
> config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
> > > >
> > > > This works great to remove our embedded database password into an
> > > external
> > > > file. However, it does not work when I tried to do the same thing
> with
> > > the
> > > > sasl/scram username and password found in the distributor or
> connector
> > > file
> > > > for kafka connect:
> > > >
> > > >
> > sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > > > required \
> > > > username="000" password="some_password";
> > > >
> > > > I was wondering if there's a way to secure these passwords as well?
> > > >
> > > > Thanks,
> > > >
> > >
> >
>
