Apicurio / apicurio-registry

An API/Schema registry - stores APIs and Schemas.
https://www.apicur.io/registry/
Apache License 2.0
554 stars 250 forks

Test/verify an mTLS configuration #914

Open EricWittmann opened 3 years ago

EricWittmann commented 3 years ago

Some relevant information about mTLS and Quarkus is here:

https://quarkus.io/blog/quarkus-mutual-tls/

Fleshgrinder commented 2 years ago

For what it's worth there's high interest in mTLS as an authentication and authorization method on our side. We use it heavily, and it would be great to reuse the same credentials for both Kafka and the schema registry that accompanies it to simplify configuration and automation. 😊

carlesarnal commented 2 years ago

I'll test this deployment and check the result but, since Registry is a Quarkus app, this should already be possible using Quarkus configuration. I'll test this to fully confirm whether we can claim it is already supported.

carlesarnal commented 2 years ago

@Fleshgrinder when you asked for this, did you mean using the same credentials for Kafka and for the connection that Registry creates when using Kafka as the storage option, or being able to use the same credentials in Kafka and for external apps accessing Registry?

Fleshgrinder commented 2 years ago

Simply to reuse the same client certificates. Basically that Kafka and Apicurio trust the same root certificate. Connection reuse is impossible with the current state of schema registries in general, since that would require that the Kafka cluster hosts the schema registry.

carlesarnal commented 2 years ago

Ok, that's what I thought. With Registry being a Quarkus app, that should be already possible using existing Quarkus capabilities and properties.
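
The Quarkus HTTP properties the thread refers to, as an added example (not part of the original thread or the Apicurio Registry project, and not verified against a Registry deployment). File paths and environment variable names are placeholders; the trust store is assumed to hold the same root CA that the Kafka brokers trust for client certificates.

```properties
# Added example: Quarkus HTTP server settings for mutual TLS.
# All paths and ${...} variable names below are placeholders.

# Serve HTTPS only, so no request can bypass the TLS handshake.
quarkus.http.insecure-requests=disabled
quarkus.http.ssl-port=8443

# Server identity: the certificate and private key presented to clients.
quarkus.http.ssl.certificate.key-store-file=/path/to/registry-keystore.p12
quarkus.http.ssl.certificate.key-store-password=${REGISTRY_KEYSTORE_PASSWORD}

# Trust anchors for client certificates. Keep this store limited to the
# root CA shared with Kafka (assumption); every CA in it can issue
# certificates that the server will accept.
quarkus.http.ssl.certificate.trust-store-file=/path/to/shared-root-truststore.p12
quarkus.http.ssl.certificate.trust-store-password=${REGISTRY_TRUSTSTORE_PASSWORD}

# "required" fails the handshake when the client presents no valid
# certificate. "request" only asks for one and still admits clients
# without it, so it does not enforce mTLS on its own.
quarkus.http.ssl.client-auth=required
```

This covers authentication at the TLS layer only; mapping a certificate subject to Registry roles is a separate question that the thread does not address.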