AWS Lambda and Confluent Credentials

Hi all,

I have developing an AWS lambda which I am testing locally, by loading a kafka.properties file and the credentials for the Dev Environment.

The one below if the most important one.

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='xxxxxxxxxx' password='xxxxxxxxxxxxxx';

Could you please let me know how to should these properties be loaded in production. Is there a recommended approach to securely store and deploy this property or property file.

Cheers
Kris

Hi Kris. A few options to consider:

• Any secret store you are already using or have access to e.g. in a containerised environment.
• AWS Secret Manager Credential password secrets management - AWS Secrets Manager - Amazon Web Services
• Switch to OIDC/OAuth2.

In the case of the first two, you’d construct that property from a template, incorporating the secret, and pass it to your client properties.

For OIDC/OAuth2, this is now available in Limited Availability in Confluent Cloud, so contact Support if you need access. See Configure clients for Confluent Cloud OAuth | Confluent Documentation for alternate client properties. You’ll need an identity provider configured in your Confluent Cloud account.

Best
Brett

thanks Brett, much appreciated. Will look into SSM.

Krisrr3,
curious, are a publisher or consumer on the topics.
looking for some examples of Lambda writing to Confluent Cloud Topics, if you can assist.
G