Deploy Secure Confluent Platform Docker Images

Confluent Platform supports cluster encryption and authentication, and a single cluster can serve a mix of authenticated and unauthenticated clients as well as encrypted and non-encrypted clients. Using security with your Kafka clusters is optional, but recommended.

All Confluent Platform security features are supported on the Confluent Platform Docker images.

For details on the available security features in Confluent Platform, see the Confluent Platform Security Overview Documentation.

Manage secrets

When you enable security for the Confluent Platform, you must pass secrets such as credentials, certificates, keytabs, Kerberos configuration, and more to the container. The images handle this by expecting the credentials to be available in the secrets directory. The containers specify a Docker volume for secrets and expect the administrator to map it to a directory on the host that contains the required secrets. For details about how to configure secrets protection in Docker containers, refer to Configuring secrets for Docker.
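A pre-flight check an administrator could run on the host directory before mapping it to the secrets volume, so that keystores, keytabs and credential files are not readable by every local user. This is an added example, not part of the Confluent images or documentation; the function names are hypothetical, and the container-side volume path is left as a parameter to be taken from the image documentation.

```shell
#!/bin/sh
# Added example: pre-flight check on the host directory that will be mapped
# to the container's secrets volume. Function names are hypothetical.

# List files and directories under $1 that "other" users can read, write
# or traverse. Symlinks are skipped: their own mode bits are not enforced.
world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Exit status: 0 = safe to mount, 1 = world-accessible entries found,
# 2 = directory missing, 3 = directory holds no files.
check_secrets_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "secrets directory not found: $dir" >&2
        return 2
    fi
    if [ -z "$(find "$dir" -type f -print | head -n 1)" ]; then
        echo "secrets directory is empty: $dir" >&2
        return 3
    fi
    exposed=$(world_accessible "$dir")
    if [ -n "$exposed" ]; then
        echo "world-accessible entries in $dir:" >&2
        printf '%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Build a read-only bind-mount argument for `docker run -v`.
# $2 is the image's secrets volume path; take it from the image documentation.
secrets_mount_arg() {
    printf '%s:%s:ro\n' "$1" "$2"
}
```

The check only rejects access for "other" users, because the container's runtime user still has to read the files through owner or group permissions.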

Use TLS/SSL

For a tutorial on using TLS/SSL in Confluent Platform, see Scripted Confluent Platform Demo.

Use audit logging

For details about how to configure audit logging in Docker containers, refer to Configure audit logs in Docker.

Use OAuth

Starting with Confluent Platform 7.8, you can “Bring Your Own Identity” and configure OAuth 2.0 with Confluent Platform. For more information, see Use SASL/OAUTHBEARER Authentication between Confluent Server Brokers and Kafka Clients in Confluent Platform.

For an example that shows how to configure OAuth with Confluent Platform running in Docker, see OAuth in Confluent Platform on GitHub.