SASL PLAIN_TEXT using env variables not working

Ops Containers
1

Hello,

Been fighting with this for a while, I cant’ get a the following docker-compose.yml file to work. I have the constraints I can’t mount volumes to my docker, so everything has to be passed as an env variable.

version: "3.8"

services:
  zookeeper:
    image: confluentinc/cp-zookeeper:latest
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_AUTH_PROVIDER_1: org.apache.zookeeper.server.auth.SASLAuthenticationProvider
      ZOOKEEPER_REQUIRE_CLIENT_AUTH_SCHEME: digest
      ZOOKEEPER_SASL_CLIENTCONFIG: "Client"
      ZOOKEEPER_JAAS_CONFIG: >-
        Server {
          org.apache.zookeeper.server.auth.DigestLoginModule required
          user_admin="admin-secret";
        };
      KAFKA_OPTS: "-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext"
    ports:
      - "2181:2181"

  kafka:
    image: confluentinc/cp-kafka:latest
    ports:
      - "9092:9092"
      - "9093:9093"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: SASL_PLAINTEXT://0.0.0.0:9093,PLAINTEXT://0.0.0.0:9092
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://kafka:9093,PLAINTEXT://kafka:9092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,SASL_PLAINTEXT:SASL_PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
      KAFKA_SASL_MECHANISM_INTER_BROKER: "PLAIN"
      KAFKA_INTER_BROKER_LISTENER_NAME: "SASL_PLAINTEXT"
      KAFKA_LISTENER_NAME_SASL_PLAINTEXT_PLAIN_SASL_JAAS_CONFIG: >-
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret"
        user_admin="admin-secret";
      KAFKA_OPTS: "-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext"
    depends_on:
      - zookeeper

  schema-registry:
    image: confluentinc/cp-schema-registry:latest
    ports:
      - "8081:8081"
    environment:
      SCHEMA_REGISTRY_HOST_NAME: schema-registry
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: SASL_PLAINTEXT://kafka:9093
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081
      SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SASL_PLAINTEXT
      SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: PLAIN
      SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG: >-
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret";
    depends_on:
      - kafka

I will just keep getting the error:

2025-03-08 01:15:41 java.lang.IllegalArgumentException: Could not find a ‘KafkaServer’ or ‘sasl_plaintext.KafkaServer’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set

I thought I could get around setting java.security.auth.login.config when passing the right virtual envs.

Already looked at similar threads like here .

Tried to implement this without all the properties/jaas files but failing misserably kafka-docker-playground/environment/sasl-plain at master · vdesabou/kafka-docker-playground · GitHub

Thanks