Closed rockdarko closed 2 weeks ago
Hello,
I believe this is already available using the several ssl_* configurations (see https://github.com/StephenSorriaux/ansible-kafka-admin/blob/master/module_utils/kafka_lib_commons.py#L46). security_protocol must be set to SSL in that case.
You can refer to https://github.com/StephenSorriaux/ansible-kafka-admin?tab=readme-ov-file#using-ssl to see how to pass the path to the cert/key/ca files or their content.
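A playbook sketch of the setup described in the reply above, added here as an illustration and not taken from the project's README or from either poster. The file paths, broker address and topic values are placeholders, and the module and parameter names (kafka_topic, ssl_cafile, ssl_certfile, ssl_keyfile, ssl_check_hostname) should be checked against the linked README for the version in use.

```yaml
# Added example: client-certificate (mutual TLS) authentication, no SASL.
- name: Manage a topic over mutual TLS
  hosts: localhost
  gather_facts: false
  vars:
    # Placeholder paths (assumptions). These are PEM files, not JKS stores.
    kafka_ca: /etc/kafka/pki/ca.pem
    kafka_cert: /etc/kafka/pki/client.pem
    kafka_key: /etc/kafka/pki/client.key
  tasks:
    - name: Keep the client private key readable by its owner only
      ansible.builtin.file:
        path: "{{ kafka_key }}"
        mode: "0600"
        state: file

    - name: Ensure the topic exists, authenticating with the client certificate
      kafka_topic:
        name: example-topic            # placeholder topic
        partitions: 3
        replica_factor: 3
        state: present
        bootstrap_servers: "broker1.example.internal:9093"  # placeholder TLS listener
        security_protocol: SSL         # TLS only; the certificate is the identity
        ssl_check_hostname: true       # verify the broker certificate matches its name
        ssl_cafile: "{{ kafka_ca }}"   # CA that signed the broker certificates
        ssl_certfile: "{{ kafka_cert }}"  # client certificate signed by the trusted CA
        ssl_keyfile: "{{ kafka_key }}"    # matching private key
```

The broker only rejects clients without a valid certificate if its listener is configured to require client authentication; otherwise the client certificate is sent but not enforced.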
Currently only the SASL authentication method seems to be supported when using SSL. It would be great to have the option to use mTLS as well - where the brokers and consumers/producers need to supply a certificate signed by a trusted CA. When using Java binaries to interact with Kafka, this is done using JKS keystores/truststores that ultimately include the broker/consumer/producer private key, a trusted CA certificate and a certificate signed by that very trusted CA.
Kafka mTLS documentation: https://docs.confluent.io/platform/current/kafka/configure-mds/mutual-tls-auth-rbac.html