Kafka Schema Registry Security

Describes security mechanisms for Kafka Schema Registry.

Schema Registry Communication Paths

The following image depicts the Schema Registry communication paths:

The following table lists the supported security mechanisms for the Schema Registry communication paths:
NOTE
Path B does not have a network connection and therefore does not need to be secured. However, impersonation works seamlessly for this path through Schema Registry Server.
Security Features Supported Mechanisms Communication Paths Secured
Authentication MapR-SASL (ticket-based security) D – Schema Registry Server and ZooKeeper
A - Schema Registry Client and Schema Registry Server
C – Schema Registry Server and Schema Registry Server
Basic (PAM) A - Schema Registry Client and Schema Registry Server
C – Schema Registry Server and Schema Registry Server
Cookie A - Schema Registry Client and Schema Registry Server
C – Schema Registry Server and Schema Registry Server
Encryption MapR-SASL (ticket-based security) D - Schema Registry Server and ZooKeeper
A - Schema Registry Client and Schema Registry Server
C -Schema Registry Server and Schema Registry Server
SSL/TLS A - Schema Registry Client and Schema Registry Server
C - Schema Registry Server and Schema Registry Server
Authorization Based on filesystem permissions. A - Schema Registry Client and Schema Registry Server
Impersonation User impersonation A - Schema Registry Client and Schema Registry Server
B – Schema Registry Server to Streams for Apache Kafka
C - Schema Registry Server and Schema Registry Server
Auditing Not supported --