If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: kafka.apache.org/27/streams/developer-guide/security - Streams Security | Apache Kafk.

site address: kafka.apache.org/27/streams/developer-guide/security redirected to: kafka.apache.org/27/streams/developer-guide/security

site title: Streams Security Apache Kafka

Our opinion (on Saturday 18 July 2026 11:03:05 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:


page from cache: 1 minute ago
Meta tags:
description=Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API. To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application. Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients.;

Headings (most frequently used words):

security, streams, required, acl, setting, for, secure, kafka, clusters, example, tag, cloud, tags,

Text of the page (most frequently used words):
kafka (64), the (61), and (38), streams (34), #security (33), application (27), for (20), settings (19), your (18), topics (17), client (17), ssl (15), you (15), apache (11), example (11), that (11), are (10), applications (10), with (10), data (10), can (10), this (9), cluster (9), authentication (9), password (8), put (8), internal (8), all (7), guide (7), keystore (7), must (7), encryption (7), configs (7), configure (6), secure (6), brokers (6), test1234 (6), enable (6), documentation (5), java (5), will (5), store (5), sslconfigs (5), from (5), consumer (5), use (5), create (5), required (5), features (5), connect (5), configuration (5), license (4), developer (4), org (4), producer (4), setting (4), these (4), etc (4), tls (4), truststore (4), jks (4), transit (4), read (4), authorization (4), writing (4), using (4), when (4), pattern (4), started (4), topic (4), changelog (4), retention (4), time (4), api (4), clusters (4), write (4), operations (4), design (4), log (3), such (3), common (3), kafkaexception (3), start (3), then (3), properties (3), here (3), 9093 (3), key (3), encrypt (3), note (3), not (3), between (3), reading (3), prefixed (3), acls (3), see (3), created (3), number (3), partitions (3), corresponding (3), about (3), naming (3), access (3), running (3), acl (3), clients (3), docs (3), version (3), implementation (3), page (3), introduction (3), zookeeper (3), privacy (2), events (2), donate (2), software (2), foundation (2), either (2), trademarks (2), reset (2), tool (2), managing (2), add (2), info (2), source (2), files (2), error (2), messages (2), any (2), misconfigured (2), failed (2), snip (2), caused (2), was (2), incorrect (2), fail (2), message (2), would (2), streamsconfig (2), app (2), where (2), find (2), com (2), non (2), follow (2), authenticate (2), against (2), communicating (2), protocol (2), location (2), have (2), certificates (2), locations (2), docker (2), also (2), correct (2), resource (2), control (2), kip (2), avoid (2), repartition (2), otherwise (2), input (2), there (2), across (2), set (2), more (2), releases (2), public (2), suffix (2), including (2), particular (2), user (2), network (2), define (2), only (2), specific (2), allowed (2), side (2), supports (2), encrypted (2), 2106 (2), getting (2), apis (2), dsl (2), concepts (2), quick (2), overview (2), ecosystem (2), cases (2), thanks, contents, website, 2026, under, terms, logo, registered, united, states, other, countries, next, previous, last, modified, december, 2025, every, file, handle, html, links, versioned, paths, 764, 379dba2230, monitor, spot, quickly, exception, thread, main, construct, ioexception, tampered, unrecoverablekeyexception, verification, incorrectly, runtime, typically, right, after, enter, similar, logged, terminate, code, uses, library, new, application_id_config, port, bootstrap_servers_config, further, related, may, match, trust, locally, accessible, commonclientconfigs, security_protocol_config, ssl_truststore_location_config, ssl_truststore_password_config, ssl_keystore_location_config, ssl_keystore_password_config, ssl_key_password_config, instance, being, written, itself, does, cover, essential, bootstrap, servers, snippet, below, shows, assumes, already, their, setup, necessary, available, local, filesystem, include, within, image, purpose, its, since, well, embedded, group, name, recommended, lists, allow, manage, groups, prefix, details, 290, 277, type, operation, providing, permission, manually, exist, try, recreate, them, startup, same, multiple, maximum, additionally, compaction, enabled, might, lose, windowed, ktables, apply, delete, compact, based, premature, deletion, delta, default, adds, hours, out, names, via, guarantee, future, part, operatorname, topology, describe, resources, like, ability, each, order, authorized, appropriate, run, secured, principal, has, permissions, information, server, communication, always, critical, domains, internet, partner, networks, connections, restrict, prevent, pollution, fraudulent, activities, few, relevant, mix, authenticated, unauthenticated, optional, stream, processing, specify, natively, integrates, leverages, tags, viewing, older, date, latest, ops, tag, cloud, print, entire, section, issue, child, edit, view, memory, management, interactive, queries, testing, types, serialization, operators, processor, configuring, upgrade, architecture, core, connector, development, incorporating, sasl, monitoring, hardware, multi, tenancy, geo, replication, cross, mirroring, datacenters, basic, distribution, format, layer, admin, level, broker, upgrading, download, sponsors, contact, trademark, project, summit, blog, community, powered, podcasts, videos, books, papers, quickstart, get,


Text of the page (random words):
streams security apache kafka get started introduction quickstart use cases books and papers videos podcasts docs key concepts apis configuration design implementation operations security clients kafka connect kafka streams powered by community blog kafka summit project info trademark ecosystem events contact us apache apache org license donate sponsors security privacy releases 4 3 4 2 4 1 4 0 3 9 3 8 3 7 3 6 3 5 3 4 3 3 3 2 3 1 3 0 2 8 2 7 2 6 2 5 2 4 2 3 2 2 2 1 2 0 1 1 1 0 0 11 0 0 10 2 0 10 1 0 10 0 0 9 0 0 8 2 0 8 1 0 8 0 0 7 download kafka ak 2 7 x getting started introduction use cases quick start ecosystem upgrading api configuration broker configs topic level configs producer configs consumer configs kafka connect configs kafka streams configs admin configs design design protocol implementation network layer messages message format log distribution operations basic kafka operations datacenters geo replication cross cluster data mirroring multi tenancy kafka configuration java version hardware and os monitoring zookeeper security security overview encryption and authentication using ssl authentication using sasl authorization and acls incorporating security features in a running cluster zookeeper authentication zookeeper encryption kafka connect overview user guide connector development guide kafka streams introduction quick start write a streams app core concepts architecture upgrade guide streams developer guide writing a streams application configuring a streams application streams dsl processor api naming operators in a streams dsl application data types and serialization testing a streams application interactive queries memory management running streams applications managing streams application topics streams security application reset tool view page source edit this page create child page create documentation issue print entire section required acl setting for secure kafka clusters security example tag cloud apis 1 configuration 34 connect 34 design 34 developer guide 34 docs 2106 getting started 34 implementation 34 kafka 2106 ops 34 security 34 streams 68 you are viewing documentation for an older version 2 7 of kafka for up to date documentation see the latest version ak 2 7 x kafka streams streams developer guide streams security streams security tags kafka docs kafka streams natively integrates with the kafka s security features and supports all of the client side security features in kafka streams leverages the java producer and consumer api to secure your stream processing applications configure the security settings in the corresponding kafka producer and consumer clients and then specify the corresponding configuration settings in your kafka streams application kafka supports cluster encryption and authentication including a mix of authenticated and unauthenticated and encrypted and non encrypted clients using security is optional here a few relevant client side security features encrypt data in transit between your applications and kafka brokers you can enable the encryption of the client server communication between your applications and the kafka brokers for example you can configure your applications to always use encryption when reading and writing data to and from kafka this is critical when reading and writing data across security domains such as internal network public internet and partner networks client authentication you can enable client authentication for connections from your application to kafka brokers for example you can define that only specific applications are allowed to connect to your kafka cluster client authorization you can enable client authorization of read and write operations by your applications for example you can define that only specific applications are allowed to read from a kafka topic you can also restrict write access to kafka topics to prevent data pollution or fraudulent activities for more information about the security features in apache kafka see kafka security required acl setting for secure kafka clusters kafka clusters can use acls to control access to resources like the ability to create topics and for such clusters each client including kafka streams is required to authenticate as a particular user in order to be authorized with appropriate access in particular when streams applications are run against a secured kafka cluster the principal running the application must have the acl set so that the application has the permissions to create read and write internal topics to avoid providing this permission to your application you can create the required internal topics manually if the internal topics exist kafka streams will not try to recreate them note that the internal repartition and changelog topics must be created with the correct number of partitions otherwise kafka streams will fail on startup the topics must be created with the same number of partitions as your input topic or if there are multiple topics the maximum number of partitions across all input topics additionally changelog topics must be created with log compaction enabled otherwise your application might lose data for changelog topics for windowed ktables apply delete compact and set the retention time based on the corresponding store retention time to avoid premature deletion add a delta to the store retention time by default kafka streams adds 24 hours to the store retention time you can find out more about the names of the required internal topics via topology describe all internal topics follow the naming pattern application id operatorname suffix where the suffix is either repartition or changelog note that there is no guarantee about this naming pattern in future releases it s not part of the public api since all internal topics as well as the embedded consumer group name are prefixed with the application id it is recommended to use acls on prefixed resource pattern to configure control lists to allow client to manage all topics and consumer groups started with this prefix as resource pattern type prefixed topic your application id operation all see kip 277 and kip 290 for details security example the purpose is to configure a kafka streams application to enable client authentication and encrypt data in transit when communicating with its kafka cluster this example assumes that the kafka brokers in the cluster already have their security setup and that the necessary ssl certificates are available to the application in the local filesystem locations for example if you are using docker then you must also include these ssl certificates in the correct locations within the docker image the snippet below shows the settings to enable client authentication and ssl encryption for data in transit between your kafka streams application and the kafka cluster it is reading and writing from essential security settings to enable client authentication and ssl encryption bootstrap servers kafka example com 9093 security protocol ssl ssl truststore location etc security tls kafka client truststore jks ssl truststore password test1234 ssl keystore location etc security tls kafka client keystore jks ssl keystore password test1234 ssl key password test1234 configure these settings in the application for your properties instance these settings will encrypt any data in transit that is being read from or written to kafka and your application will authenticate itself against the kafka brokers that it is communicating with note that this example does not cover client authorization code of your java application that uses the kafka streams library properties settings new properties settings put streamsconfig application_id_config secure kafka streams app where to find secure kafka brokers here it s on port 9093 settings put streamsconfig bootstrap_servers_config kafka example com 9093 further non security related settings may follow here security settings 1 these settings must match the security settings of the secure kafka cluster 2 the ssl trust store and key store files must be locally accessible to the application settings put commonclientconfigs security_protocol_config ssl settings put sslconfigs ssl_truststore_location_config etc security tls kafka client truststore jks settings put sslconfigs ssl_truststore_password_config test1234 settings put sslconfigs ssl_keystore_location_config etc security tls kafka client keystore jks settings put sslconfigs ssl_keystore_password_config test1234 settings put sslconfigs ssl_key_password_config test1234 if you incorrectly configure a security setting in your application it will fail at runtime typically right after you start it for example if you enter an incorrect password for the ssl keystore password setting an error message similar to this would be logged and then the application would terminate misconfigured ssl keystore password exception in thread main org apache kafka common kafkaexception failed to construct kafka producer snip caused by org apache kafka common kafkaexception org apache kafka common kafkaexception java io ioexception keystore was tampered with or password was incorrect snip caused by java security unrecoverablekeyexception password verification failed monitor your kafka streams application log files for such error messages to spot any misconfigured applications quickly documentation kafka streams developer guide last modified december 19 2025 add license info to every source file and handle documentation html links for all versioned paths 764 379dba2230 previous managing streams application topics next application reset tool the contents of this website are 2026 apache software foundation under the terms of the apache license v2 apache kafka kafka and the kafka logo are either registered trademarks or trademarks of the apache software foundation in the united states and other countries security donate thanks events license privacy
Images from subpage: "kafka.apache.org/27/configuration/admin-configs/" Verify
Images from subpage: "kafka.apache.org/27/design/" Verify
Images from subpage: "kafka.apache.org/27/design/design/" Verify
Images from subpage: "kafka.apache.org/27/design/protocol/" Verify
Images from subpage: "kafka.apache.org/27/implementation/" Verify

Verified site has: 132 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
101-105 106-110 111-115 116-120 121-125 126-130 131-132


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 301
server Apache
location htt????/kafka.apache.org/27/streams/developer-guide/security/
content-type text/html; charset=iso-8859-1
via 1.1 varnish, 1.1 varnish
accept-ranges bytes
age 0
date Sat, 18 Jul 2026 11:01:45 GMT
x-served-by cache-hel1410030-HEL, cache-rtm-ehrd2290026-RTM
x-cache MISS, MISS
x-cache-hits 0, 0
x-timer S1784372505.019299,VS0,VE28
strict-transport-security max-age=31536000; includeSubDomains; preload
content-length 269
HTTP/2 200
server Apache
last-modified Sat, 11 Jul 2026 01:38:19 GMT
etag f9db-6564be97a8514-gzip
content-encoding gzip
access-control-allow-origin *
content-security-policy style-src self unsafe-inline htt????/fonts.googleapis.com; script-src self unsafe-inline htt????/unpkg.com htt????/code.jquery.com
content-type text/html
via 1.1 varnish, 1.1 varnish
accept-ranges bytes
age 4573
date Sat, 18 Jul 2026 11:01:45 GMT
x-served-by cache-hel1410029-HEL, cache-rtm-ehrd2290026-RTM
x-cache HIT, HIT
x-cache-hits 3, 0
x-timer S1784372505.059892,VS0,VE1
vary Accept-Encoding
strict-transport-security max-age=31536000; includeSubDomains; preload
content-length 12206

Meta Tags

title="Streams Security | Apache Kafka"
charset="utf-8"
name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"
name="robots" content="index, follow"
name="description" content="Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API. To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application. Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients."
property="og:title" content="Streams Security"
property="og:description" content="Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API. To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application. Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients."
property="og:type" content="article"
property="og:url" content="htt????/kafka.apache.org/27/streams/developer-guide/security/"
property="article:section" content="27"
property="article:modified_time" content="2025-12-19T18:23:57-08:00"
itemprop="name" content="Streams Security"
itemprop="description" content="Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API. To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application. Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients."
itemprop="dateModified" content="2025-12-19T18:23:57-08:00"
itemprop="wordCount" content="945"
itemprop="keywords" content="kafka,docs,"
name="twitter:card" content="summary"
name="twitter:title" content="Streams Security"
name="twitter:description" content="Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API. To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application. Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients."
name="mobile-web-app-capable" content="yes"
name="apple-mobile-web-app-capable" content="yes"
name="apple-mobile-web-app-status-bar-style" content="black"

Load Info

page size63963
load time (s)0.112859
redirect count1
speed download108982
server IP 151.101.2.132
* all occurrences of the string "http://" have been changed to "htt???/"