Certificate Param in Config

[2020testuser]

Description

Hi, Could anyone please help me or shed some light on the below?

I'm getting the content of certificate file (ca.crt file ) from the environment variable key. Could anyone let me know whether there is any config parameter available that can take the file content as value (something similar to ssl.certificate.pem and ssl.key.pem) ? I see only ssl.ca.location in the Producer config.

Since, I get the crt content as an environment variable, I'm unable to use the ssl.ca.location . Also, I need to create a file with the content that I get from the environment variable key and save it to use ssl.ca.location.

Thanks in advance! Example : config = { 'bootstrap.servers':bootstrap_server, 'security.protocol':security_protocol, 'ssl_check_hostname':True, 'ssl.ca.location':os.environ['KAFKA_NET_CERT'], # Not working as expecting the ca.crt file path. 'ssl.certificate.pem':os.environ['KAFKA_NET_TLS_CERT'], 'ssl.key.pem':os.environ['KAFKA_NET_TLS_KEY'] }

[oca159]

Hi, I am trying to do the same, did you get any answers from the kafka team? I want to specify the CA value instead of its location, I was reviewing other libraries in JS and I noticed that kafkaJS allows us to pass the CA value

[MSeal]

Schema registry code would need to overwrite the verify attribute with an SSLContext object with the cert loaded from content. For the producer side it would need rd_kafka_conf_set_ssl_cert to be called explicitly from the Python side to set in-memory string contents as the cert rather than passed as config (or changed in librdkafka to take the additional config and parse therein). Saving the PEM contents in this config itself might be a security risk though so one would want to pass the env variable name instead probably.

Short workaround is to just save the env variable to a tmp file in a properly permissions directory/file then pass that to the config.