segmentio / topicctl

Tool for declarative management of Kafka topics
MIT License

feat: support for credentials in AWS Secrets Manager #174

Closed petedannemann closed 6 months ago

petedannemann commented 6 months ago

Add support for credentials stored in AWS Secrets Manager.

The Amazon Resource Name (ARN) of a secret in AWS Secrets Manager can be provided in a cluster.yaml file as a way to provide credentials for SASL authentication. The secret in Secrets Manager must have a value in the format shown below, identical to what AWS MSK requires.

{
  "username": "alice",
  "password": "alice-secret"
}

An example of Secrets Manager being used can be seen below. Be sure to include the 6 random characters AWS Secrets Manager tacks on to the end of a secret's ARN.

sasl:
    enabled: true
    mechanism: SCRAM-SHA-512
    secretsManagerArn: arn:aws:secretsmanager:<Region>:<AccountId>:secret:SecretName-6RandomCharacters

Further documentation on how this can be used can be seen in examples/auth/cluster.yaml or the README.
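An added example, not code from this pull request or from topicctl: a pre-flight check in Go that rejects an ARN missing the six-character suffix and decodes a secret value in the username/password format above, failing closed when a field is empty. The helper names `checkSecretARN` and `parseSecretValue` are hypothetical, and the region, account ID and suffix in the sample are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// Shape check only: a full secret ARN ends in "-" plus the six characters
// Secrets Manager appends to the secret name.
var secretARN = regexp.MustCompile(
	`^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+-[A-Za-z0-9]{6}$`)

// saslCreds mirrors the secret value format shown in the PR description.
type saslCreds struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// checkSecretARN (hypothetical helper) rejects ARNs lacking the suffix.
func checkSecretARN(arn string) error {
	if !secretARN.MatchString(arn) {
		return fmt.Errorf("not a full Secrets Manager ARN: %q", arn)
	}
	return nil
}

// parseSecretValue (hypothetical helper) decodes the secret string and
// fails closed on empty fields. Errors never include the secret value.
func parseSecretValue(secretString string) (saslCreds, error) {
	var c saslCreds
	if err := json.Unmarshal([]byte(secretString), &c); err != nil {
		return saslCreds{}, errors.New("secret value is not valid JSON")
	}
	if c.Username == "" || c.Password == "" {
		return saslCreds{}, errors.New("secret must set username and password")
	}
	return c, nil
}

func main() {
	// Constructed sample inputs; region, account ID and suffix are made up.
	arn := "arn:aws:secretsmanager:us-west-2:123456789012:secret:SecretName-AbC123"
	fmt.Println(checkSecretARN(arn))
	c, err := parseSecretValue(`{"username": "alice", "password": "alice-secret"}`)
	fmt.Println(c.Username, err)
}
```

The ARN check is a format check: a secret whose own name ends in a hyphen and six alphanumeric characters would pass it even with the suffix left off.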