KIP-651 — Support PEM format for SSL certificates and private key
Accepted Kafka 2.7 Security
Adds support for PEM-encoded certificates and private keys directly in Kafka SSL configuration via new `ssl.keystore.type=PEM` and inline `ssl.keystore.certificate.chain`/`ssl.keystore.key` configs, eliminating the need to manage JKS or PKCS12 keystore files. Managing JKS/PKCS12 keystores in containerized and secret-management environments (Vault, Kubernetes Secrets) is cumbersome; PEM strings can be injected directly from environment variables or secret stores.
Details
| Author | Rajini Sivaram |
| Status | Accepted |
| Kafka Version | 2.7 |
| JIRA | KAFKA-10338 |
| Wiki | View on Apache Wiki |
| Created | 2020-08-03 |
| Last Modified | 2020-08-10 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.