Managing Cluster Security

You secure a Kafka cluster in Streaming with Apache Kafka by configuring authentication, authorization, and data encryption.

Authentication

Authentication controls who can access or sign in to a Kafka cluster. In OCI Streaming with Apache Kafka, secure access to a Kafka cluster is configured using the following two authentication mechanisms:

  • SASL/SCRAM (Simple Authentication and Security Layer / Salted Challenge Response Authentication Mechanism)
  • mTLS (Mutual Transport Layer Security)

Authorization

Authorization controls the permissions that Kafka clients have on the brokers of a Kafka cluster.

Encryption

Encryption ensures that the data exchanged between Kafka clients and Kafka cluster brokers is protected and can be decoded only by authorized clients and brokers. Data in Kafka clusters is encrypted both at rest and in transit, ensuring message integrity. By default, all encryption-related matters are handled by Oracle, but you can manage your own encryption keys using Oracle Cloud Infrastructure Vault. Vault lets you bring your own Advanced Encryption Standard (AES) symmetric keys and manage, rotate, disable, and delete them as needed.
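The following is an added example, not part of this page or of the OCI Streaming with Apache Kafka product documentation, showing what the two authentication mechanisms from the Authentication section look like from the client side, with in-transit encryption (TLS) enabled in both cases. It uses standard Apache Kafka client properties; the broker address, port, file paths, passwords, and the choice of SCRAM-SHA-512 over SCRAM-SHA-256 are placeholders and assumptions, not values taken from this page. The two configurations are separated by comment banners because they are alternatives and would normally live in separate files.

```properties
# ---------------------------------------------------------------
# client-scram.properties  (SASL/SCRAM over TLS; assumed values)
# ---------------------------------------------------------------
# Broker endpoint is a placeholder; take the real value from your cluster details.
bootstrap.servers=BROKER_HOST:PORT

# SASL_SSL = SASL authentication carried inside a TLS session, so
# credentials and data are never sent in the clear.
security.protocol=SASL_SSL

# SCRAM mechanism; SCRAM-SHA-512 is an assumption, use what the cluster offers.
sasl.mechanism=SCRAM-SHA-512

# Login module for SCRAM. Keep this file out of version control: it holds a secret.
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
  username="KAFKA_USER" \
  password="KAFKA_PASSWORD";

# Trust store holding the CA that issued the broker certificate (placeholder path).
ssl.truststore.location=/path/to/truststore.jks
ssl.truststore.password=TRUSTSTORE_PASSWORD

# Verify that the broker certificate matches the host we connected to.
# Leaving this empty disables hostname verification and invites MITM.
ssl.endpoint.identification.algorithm=https


# ---------------------------------------------------------------
# client-mtls.properties  (mutual TLS; assumed values)
# ---------------------------------------------------------------
bootstrap.servers=BROKER_HOST:PORT

# SSL = TLS with no SASL layer; the client's certificate is its identity.
security.protocol=SSL

# Trust store: CA chain used to validate the broker certificate.
ssl.truststore.location=/path/to/truststore.jks
ssl.truststore.password=TRUSTSTORE_PASSWORD

# Key store: the client certificate and private key presented to the broker.
# This is what the broker authenticates; protect it like a password.
ssl.keystore.location=/path/to/client.keystore.jks
ssl.keystore.password=KEYSTORE_PASSWORD
ssl.key.password=KEY_PASSWORD

# Same hostname verification as above.
ssl.endpoint.identification.algorithm=https
```

A quick check when reviewing a client configuration against this page's requirements: `security.protocol` must be `SASL_SSL` (SCRAM) or `SSL` (mTLS), never `PLAINTEXT` or `SASL_PLAINTEXT`, and `ssl.endpoint.identification.algorithm` must not be blank; either of those two settings alone undoes the in-transit encryption guarantee the Encryption section describes.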