Closed CameronHudson8 closed 5 months ago
This has been discussed many times in the past. Overriding the default truststore / keystore is a bad security practice. You should not do it. The MongoDB connector should do what most other connectors do and provide proper configuration options to specify its trust store and its password.
FYI: I guess these are the options you should use: https://jira.mongodb.org/browse/KAFKA-348
Discussed on the community call on 18.4.: As explained above, the connector configuration options should be used instead of changing the default stores. This should be closed.
Related problem
I'm trying to set up a Strimzi
KafkaConnect
custom resource with aKafkaConnector
based on the MongoDB Kafka Connector.I'm able to get it to work with MongoDB X509 authentication, but to do so, I need to hardcode the passwords of the Java trust store and key store files in the
KafkaConnect
manifest. Example:Suggested solution
Would it be possible to allow configmaps or secrets to be referenced here, similar to what's possible for the
externalConfiguration
property? This is an example of what I'm imagining, inspired by the EnvVar kubernetes property:Alternatives
No response
Additional context
No response