edenhill / kcat

Generic command line non-JVM Apache Kafka producer and consumer

SSL and Basic Auth support for Schema Registry connection #307

Open whatsupbros opened 3 years ago

whatsupbros commented 3 years ago

Currently, I am not able to connect to Schema Registry over HTTPS, because the SSL certificate does not seem to be used for it:

$ ./kafkacat -b $KAFKA_BROKER_HOST:$KAFKA_BROKER_PORT \
> -t my_topic \
> -s value=avro \
> -r https://$KAFKA_API_KEY:$KAFKA_API_SECRET@$KAFKA_SCHEMA_REGISTRY_HOST:$KAFKA_SCHEMA_REGISTRY_PORT \
> -X security.protocol=SASL_SSL \
> -X sasl.mechanisms=PLAIN \
> -X sasl.username="$KAFKA_API_KEY" -X sasl.password="$KAFKA_API_SECRET" \
> -X ssl.keystore.location=$KAFKA_KEYSTORE_P12_LOCATION \
> -X ssl.keystore.password=$KAFKA_KEYSTORE_PASSPHRASE \
> -X ssl.key.password=$KAFKA_KEY_PASSPHRASE \
> -X enable.ssl.certificate.verification=false \
> -C \
> -o beginning
% ERROR: Failed to format message in my_topic [0] at offset 2: Avro/Schema-registry message deserialization: REST request failed (code -1): HTTP request failed: SSL peer certificate or SSH remote key was not OK : terminating

It would be nice to be able to specify SSL certificates to be used for the Schema Registry connection via some properties, as well as Basic Auth credentials. Something similar to what is possible with kafka-avro-console-consumer:

export SCHEMA_REGISTRY_OPTS="-Djavax.net.ssl.keyStore=$KAFKA_KEYSTORE_LOCATION -Djavax.net.ssl.trustStore=$KAFKA_TRUSTSTORE_LOCATION -Djavax.net.ssl.keyStorePassword=$KAFKA_KEYSTORE_PASSPHRASE -Djavax.net.ssl.trustStorePassword=$KAFKA_TRUSTSTORE_PASSPHRASE"

./kafka-avro-console-consumer
...
--property schema.registry.url=https://$KAFKA_SCHEMA_REGISTRY_HOST:$KAFKA_SCHEMA_REGISTRY_PORT \
--property schema.registry.basic.auth.user.info="$KAFKA_API_KEY:$KAFKA_API_SECRET" \
--property basic.auth.credentials.source=USER_INFO \
...

sachincool commented 1 year ago

I guess you can try

docker run --rm edenhill/kafkacat:1.6.0 -b -C -t -X security.protocol=SASL_SSL -X sasl.mechanism=PLAIN -X sasl.username=username -X sasl.password=password -o beginning -r https://username:password@schemaregistryurl/ -s key=s -s value=avro

worked for me
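
The error in the first comment is a certificate-verification failure on the HTTPS request to Schema Registry, and both commands in this thread carry the API secret in the -r URL on the command line. As an added example that is not part of the thread or of kcat: a shell helper that moves the URL's credentials and a CA bundle into a mode-0600 curl config file, so the same request can be checked outside kcat with verification left on. The function names are hypothetical, and it assumes the registry serves Confluent's GET /subjects endpoint and that the userinfo is not percent-encoded.

```shell
#!/usr/bin/env bash
# Added example, not kcat code. Function names are hypothetical.

# Print the user:password part of a registry URL (empty line if none).
sr_userinfo() {
  local rest authority
  rest="${1#*://}"; authority="${rest%%/*}"
  case "$authority" in
    *@*) printf '%s\n' "${authority%@*}" ;;
    *)   printf '\n' ;;
  esac
}

# Print the URL with the user:password@ part removed.
sr_strip_userinfo() {
  local scheme rest authority
  scheme="${1%%://*}"; rest="${1#*://}"; authority="${rest%%/*}"
  printf '%s://%s%s\n' "$scheme" "${authority##*@}" "${rest#"$authority"}"
}

# Escape \ and " for a double-quoted value in a curl config file.
curl_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Write a curl config (mode 0600) for GET <registry>/subjects that verifies
# the server certificate against CA_FILE and keeps the secret out of argv.
# Usage: sr_write_curl_config REGISTRY_URL CA_FILE OUT_FILE
# Assumption: the userinfo is not percent-encoded (it is copied verbatim).
sr_write_curl_config() {
  local base userinfo
  base="$(sr_strip_userinfo "$1")"; base="${base%/}"
  userinfo="$(sr_userinfo "$1")"
  (
    umask 077
    rm -f -- "$3"
    {
      printf 'url = "%s/subjects"\n' "$(curl_quote "$base")"
      printf 'cacert = "%s"\n' "$(curl_quote "$2")"
      if [ -n "$userinfo" ]; then
        printf 'user = "%s"\n' "$(curl_quote "$userinfo")"
      fi
      printf 'fail\nsilent\nshow-error\n'
    } > "$3"
  )
}

# Constructed usage (CA path and output file are placeholders):
#   sr_write_curl_config "https://$KAFKA_API_KEY:$KAFKA_API_SECRET@$KAFKA_SCHEMA_REGISTRY_HOST:$KAFKA_SCHEMA_REGISTRY_PORT" /path/to/ca.pem sr.conf
#   curl --config sr.conf
```

If curl succeeds with the CA bundle, the registry certificate itself is fine and the failure in kcat comes from the trust store its HTTP client uses, not from the broker-side -X ssl.* settings.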