mTLS with kafka-python

kafka-python consumer using TLS mutual authentication with an Amazon MSK Cluster

  • Go to the /tmp/kafka dir and edit the following properties in the file.

    cd /tmp/kafka
  • Go to the /tmp dir and generate the truststore.pem file. This will be used as the ssl_cafile in the kafka-python program.
    Note: keytool should ask for a password. The default password is changeit. To use a different password, run the first command below to change it, then enter the new password when the second command asks for it.

    keytool -keystore /tmp/kafka.client.truststore.jks -storepass changeit -storepasswd -new <new password>
    keytool --list -rfc -keystore /tmp/kafka.client.truststore.jks >/tmp/truststore.pem
  • Go to the /tmp/kafka dir and execute the kafka-python program. The consumer reads from the test topic that you produced to with kafka-console-producer in an earlier lab. If you haven't run that lab, the topic might not exist or might hold no data, and the consumer could appear to hang.

    cd /tmp/kafka
  • Ctrl-C to stop the program.
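
The steps above, sketched as an added example (this is not the lab's own program): it checks that the exported truststore.pem really contains certificates and that the private key is not readable by other users, then builds the kafka-python settings for mutual TLS. The client certificate and key paths and the BOOTSTRAP_TLS environment variable are assumptions; `consumer_timeout_ms` makes the loop end instead of hanging when the topic has no data.

```python
import os
import re
import stat

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def count_pem_certs(path):
    """Number of PEM certificate blocks in a file such as /tmp/truststore.pem."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return len(PEM_CERT.findall(fh.read()))

def mtls_consumer_config(bootstrap, cafile, certfile, keyfile, key_password=None):
    """Validate the PEM inputs and return keyword arguments for KafkaConsumer."""
    if count_pem_certs(cafile) == 0:
        # The shell redirect creates the file even when keytool fails,
        # so an existing truststore.pem is not proof that the export worked.
        raise ValueError(f"{cafile} contains no PEM certificates")
    if count_pem_certs(certfile) == 0:
        raise ValueError(f"{certfile} contains no client certificate")
    if stat.S_IMODE(os.stat(keyfile).st_mode) & 0o077:
        raise PermissionError(f"{keyfile} is accessible by group or others")
    return {
        "bootstrap_servers": bootstrap,
        "security_protocol": "SSL",       # TLS for the broker connection
        "ssl_check_hostname": True,       # keep broker hostname verification on
        "ssl_cafile": cafile,             # CA certs exported from the JKS truststore
        "ssl_certfile": certfile,         # client certificate presented to the broker
        "ssl_keyfile": keyfile,           # private key for that certificate
        "ssl_password": key_password,     # only needed if the key is encrypted
        "auto_offset_reset": "earliest",  # read data produced before this consumer started
        "consumer_timeout_ms": 10000,     # stop iterating after 10 s without messages
    }

def consume(topic, config):
    from kafka import KafkaConsumer  # imported here so the checks run without kafka-python
    consumer = KafkaConsumer(topic, **config)
    try:
        for msg in consumer:
            print(msg.partition, msg.offset, msg.value)
    finally:
        consumer.close()

if __name__ == "__main__":
    # Assumed inputs: BOOTSTRAP_TLS env var and the two client PEM paths.
    consume("test", mtls_consumer_config(os.environ["BOOTSTRAP_TLS"],
            "/tmp/truststore.pem", "/tmp/client_cert.pem", "/tmp/private_key.pem"))
```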