AuthScheme
The scheme used for authentication with the Apache Kafka broker.
Possible Values
None, Plain, SCRAM, SCRAM-SHA-512, Kerberos, SSLCertificate, KafkaOAuthClient, AzureAD, AzureMSI, AzureServicePrincipal, AzureServicePrincipalCert, OAuthJWT, GCPInstanceAccount, AWSWorkloadIdentity, AzureWorkloadIdentityData Type
string
Default Value
"None"
Remarks
Supported schemes for Apache Kafka:
| None | Connect to the data source without specifying the user credentials. User is authenticated anonymously. |
| Plain | Authenticate via credentials passed in a plain text login module. |
| SCRAM | Authenticate via a SCRAM login module with SHA-256 hashing. |
| SCRAM-SHA-512 | Authenticate via a SCRAM login module with SHA-512 hashing. |
| Kerberos | Use Kerberos authentication. (Requires you to specify the system kerberos configuration file.) |
| SSLCertificate | Authenticate via SSL client certificate. |
| KafkaOAuthClient | Authenticate via Kafka's native OpenID Connect (KIP-768) authentication using the client credentials grant type. Note that this does not use the provider built-in support for OAuth like the Azure and OAuthJWT authentication methods do. Only the OAuthClientId, OAuthClientSecret, OAuthAccessTokenURL, and Scope properties have any effect on the behavior of this auth scheme. Use ConsumerProperties and ProducerProperties to provide advanced configuration. |
| AzureAD | Perform Azure Active Directory OAuth authentication. |
| AzureMSI | (Azure VM only) Automatically obtain Managed Service Identity credentials. |
| AzureServicePrincipal | Authenticate as an Azure Service Principal using a Client Secret. |
| AzureServicePrincipalCert | Authenticate as an Azure Service Principal using a Certificate. |
| OAuthJWT | Perform OAuth authentication using an OAuth service account. |
| GCPInstanceAccount | Obtain an Access Token from Google Cloud Platform instance. |
| AWSWorkloadIdentity | Authenticate using Workload Identity Federation. |
Schemes for authenticating to Azure Event Hubs:
| AzureAD | Perform Azure Active Directory OAuth authentication. |
| AzureMSI | (Azure VM only) Automatically obtain Managed Service Identity credentials. |
| AzureServicePrincipal | Authenticate as an Azure Service Principal using a Client Secret. |
| AzureServicePrincipalCert | Authenticate as an Azure Service Principal using a Certificate. |
Schemes for authenticating to GMS Kafka:
| OAuthJWT | Perform OAuth authentication using an OAuth service account. |
| GCPInstanceAccount | Obtain an Access Token from Google Cloud Platform instance. |
| AWSWorkloadIdentity | Authenticate using Workload Identity Federation. Since GMS Kafka does not support using external principals to authenticate directly, you must delegate to a service account using the RequestingServiceAccount property. |