.. _security_with_docker: Deploy Secure |cp| Docker Images ################################ |cp| supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients. Using security is optional. These security features are supported on the |cp| Docker images: .. csv-table:: :header: "Component", "Feature" :widths: 20, 20 "Confluent Control Center", "HTTPS" "Kafka Connect", "None" "Kafka", "SASL, SSL" "REST Proxy", "HTTPS" "Schema Registry", "HTTPS" "ZooKeeper", "SASL" For details on the available security features in |cp|, see the :ref:`Confluent Platform Security Overview Documentation `. Manage secrets ************** When you enable security for the |cp|, you must pass secrets such as credentials, certificates, keytabs, Kerberos configuration, and more to the container. The images handle this by expecting the credentials to be available in the secrets directory. The containers specify a Docker volume for secrets and expect the administrator to map it to a directory on the host that contains the required secrets. For details about how to configure secrets protection in Docker containers, refer to :ref:`Configuring secrets for Docker `. Use TLS/SSL *********** For a tutorial on using TLS/SSL in |cp|, see :ref:`cp-demo`. Use Audit logging ***************** For details about how to configure audit logging in Docker containers, refer to :ref:`audit-logging-docker`. Related content *************** - :ref:`cp-demo` - :ref:`security`