KIP-1119 — Add support for SSL hot reload
Discussion SecurityClient
Adds `ssl.auto.reload` configuration to Kafka clients (producers, consumers) and brokers so SSL/TLS certificates are automatically reloaded when updated on disk without requiring a restart. Currently, only brokers support dynamic SSL certificate rotation via dynamic config; producers and consumers require disruptive restarts when certificates are rotated by external agents.
Details
| Author | Moncef Abboud |
| Status | Discussion |
| JIRA | KAFKA-10731 |
| Wiki | View on Apache Wiki |
| Created | 2024-12-02 |
| Last Modified | 2025-03-20 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.