Kafka API authentication

Enabling authentication

When you run a single-node local YDB cluster, anonymous authentication is used by default. It doesn't require a username and password.

To require authentication see Authentication.

Authentication is always enabled when using the Kafka API in Yandex Cloud.

How does authentication work in the Kafka API?

The Kafka API uses the SASL_PLAINTEXT/PLAIN or SASL_SSL/PLAIN authentication mechanism.

The following variables are required for authentication:

  • <user-name> — the username. For information about user management, refer to the Authorization section.
  • <password> — the user's password. For information about user management, refer to the Authorization section.
  • <database>the database path.

These parameters form the following variables, which you can use in the sasl.jaas.config Kafka client property:

  • <sasl.username> = <user-name>@<database>
  • <sasl.password> = <password>

Note

The <sasl.username> and <sasl.password> parameters are formed differently. See examples for details.

For authentication examples, see Kafka API usage examples.

Previous
Overview
Next
Usage examples