KIP-317 — Add end-to-end data encryption functionality to Apache Kafka
Discussion Security
Proposes a pluggable end-to-end encryption framework for Kafka that encrypts record payloads at the producer before they are written to the broker and decrypts them at the consumer, keeping plaintext away from brokers and ZooKeeper. This addresses GDPR and financial-sector at-rest encryption requirements that TLS-in-transit alone does not satisfy because brokers still store and process plaintext records.
Details
| Author | Sönke Liebau |
| Status | Discussion |
| Created | 2018-06-18 |
| Last Modified | 2020-04-28 |