Manage Security in Confluent Platform

Confluent Platform is the central nervous system for a business, uniting your organization around an Apache Kafka®-based single source of truth. It is frequently used to store mission-critical data, and therefore enabling security features are crucial.

By default, there is no encryption or authentication, nor are ACLs configured. Any Kafka client can communicate to Confluent Server brokers using the PLAINTEXT port. It is critical that access using this port is restricted to trusted Kafka clients only. Network segmentation and/or authorization ACLs can be used to restrict access to trusted IPs in such cases. If neither is used, then the cluster is wide open and can be accessed by anyone.

While non-secured clusters are supported, as are a mix of authenticated, unauthenticated, encrypted and non-encrypted clients, it is recommended to secure the components in your Confluent Platform deployment.

Related content

• Apache Kafka Security (Confluent Developer course)
• Confluent Cloud Security (Confluent Developer course)
• An Introduction to Apache Kafka Security: Securing Real-Time Data Streams (Confluent blog)
• Apache Kafka Security Best Practices (podcast)
• Best Practices to Secure Your Apache Kafka Deployment.
• Confluent Platform demo for a working deployment of encryption, authentication, and authorization configured end-to-end across all Confluent Platform components.
• What are the required Firewall configurations for Confluent Platform (Confluent Support)