.. _security_prefixes: Prefixes for Configuring Security --------------------------------- Configuration Parameters ~~~~~~~~~~~~~~~~~~~~~~~~ Each component in the Confluent Platform can be configured for security. This tables shows for each component, what is the prefix for security configuration properties and where to configure the property. ===================================== =================================================== ======================================================= Component Prefix Where to Configure ===================================== =================================================== ======================================================= Broker none ``etc/kafka/server.properties`` Console Clients none client properties, e.g. producer.config or consumer.config Connect workers none, and ``producer.`` or ``consumer.`` ``etc/kafka/connect-distributed.properties`` |c3-short| ``confluent.controlcenter.streams.`` ``etc/confluent-control-center/control-center.properties`` Java Clients Java clients use static parameters defined in the SslConfigs or SaslConfigs in Properties class Javadoc: - `SSL `_ - `SASL `_ Metrics Reporter ``confluent.metrics.reporter.`` ``etc/kafka/server.properties`` Monitoring Interceptors in clients ``confluent.monitoring.interceptor.`` client properties, e.g. producer.config or consumer.config Monitoring Interceptors in Connect ``producer.confluent.monitoring.interceptor.`` ``etc/kafka/connect-distributed.properties`` ``consumer.confluent.monitoring.interceptor.`` Monitoring Interceptors in Replicator ``src.consumer.confluent.monitoring.interceptor.`` connector JSON file (not the worker properties file) Replicator - ``dest.kafka.`` connector JSON file (not the worker properties file) - ``src.kafka.`` REST Proxy ``client.`` ``etc/kafka/kafka-rest.properties`` |sr| ``kafkastore.`` ``etc/schema-registry/schema-registry.properties`` |zk| none ``etc/kafka/zookeeper.properties`` ===================================== =================================================== ======================================================= Environment Variables for Configuring HTTPS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If a component in the Confluent Platform needs to connect to a service via HTTPS, for example to a HTTPS-enabled |sr-long|, you may need to configure the :ref:`SSL credentials for that HTTPS connection `. This table shows for each component, the name of the environment variable to configure with SSL credentials for those HTTPS connections. +------------------------------------+----------------------------------------------------+ | Component | Environment Variable | +====================================+====================================================+ | Broker | ``KAFKA_OPTS`` | +------------------------------------+----------------------------------------------------+ | Console Clients | ``KAFKA_OPTS`` | +------------------------------------+----------------------------------------------------+ | KSQL | ``KSQL_OPTS`` | +------------------------------------+----------------------------------------------------+ | Connect workers | ``KAFKA_OPTS`` | +------------------------------------+----------------------------------------------------+ | Control Center | ``CONTROL_CENTER_OPTS`` | +------------------------------------+----------------------------------------------------+ | |sr| | ``SCHEMA_REGISTRY_OPTS`` | +------------------------------------+----------------------------------------------------+ | REST Proxy | ``KAFKAREST_OPTS`` | +------------------------------------+----------------------------------------------------+ Additional Environment Variables ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you using the |sr| :ref:`ACL Authorizer with SASL `, pass in JAAS configuration file using the ``SECURITY_PLUGINS_OPTS`` environment variable before calling ``sr-acl-cli``. .. include:: ../includes/sracl-env.rst