KIP-900 — KRaft kafka-storage.sh API additions to support SCRAM for Kafka Brokers
Accepted Kafka 3.5 KRaftSecurity
Extends kafka-storage.sh format with an --add-scram option that writes UserScramCredentialsRecord entries into the bootstrap.checkpoint, enabling SCRAM inter-broker authentication from the first cluster startup in KRaft mode. In ZooKeeper mode, SCRAM credentials could be seeded into ZooKeeper before brokers started; no equivalent mechanism existed for KRaft's __cluster_metadata bootstrap.
Details
| Author | Proven Provenzano |
| Status | Accepted |
| Kafka Version | 3.5 |
| JIRA | KAFKA-14084 |
| Wiki | View on Apache Wiki |
| Created | 2023-01-19 |
| Last Modified | 2023-02-28 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.