Please enhance kafka2 output plugin to support ssl_client_cert_key_password

[awulms-swift]

Is your feature request related to a problem? Please describe.

In our environment we prefer to use TLS private keys for client certificates that are protected with a password. At the moment, the kafka2 output plugin supports client certificate with private key for mTLS communication with the kafka broker. However, the kafka2 plugin only supports password-less private keys, so we can't use a password protected private key.

Describe the solution you'd like

I notice in the documentation that you use underlying ruby-kafka library from zendesk. According to their documentation (https://github.com/zendesk/ruby-kafka#encryption-and-authentication-using-ssl), the ruby-kafka library does support ssl_client_cert_key_password.

Can you please expose this as a configuration variable so that we can inject the password into the configuration?

Describe alternatives you've considered

Clone this repository, enhance the code ourselves and then build our own docker image with fluentd.

Additional context

No response

[ashie]

Here is an example to add a parameter for ruby-kafka: #448 I'm looking forward your pull request :smiley:

[ashie]

Here is an example to add a parameter for ruby-kafka: #448 I'm looking forward your pull request smiley

272 is a more suitable example for TLS parameters.

In addition, adding secret: true is desired for a credential parameter like this to mask it when dumping config to logs: https://github.com/fluent/fluent-plugin-kafka/blob/44dd8ce537da7d48df667c206f46326ab2bdfdaf/lib/fluent/plugin/kafka_plugin_util.rb#L61

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

[github-actions[bot]]

This issue was automatically closed because of stale in 30 days

[awulms-swift]

Thanks