Connection String Options
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Basic Tab.
| Property | Description |
| AuthScheme | Specifies the authentication scheme that the provider uses when connecting to the Apache Kafka broker. |
| User | Specifies the username used to authenticate to the Apache Kafka broker. |
| Password | Specifies the password used to authenticate to Apache Kafka for the selected authentication scheme. |
| BootstrapServers | Specifies the Kafka bootstrap servers that the provider uses to establish the initial connection to the Kafka cluster. |
| UseSSL | Specifies whether the provider negotiates SSL/TLS when connecting to the Apache Kafka broker. |
| Property | Description |
| ConsumerGroupId | Specifies the consumer group that the provider uses when reading messages from Apache Kafka. |
| AutoCommit | Specifies whether the Apache Kafka consumer automatically commits read offsets. |
| Property | Description |
| AzureTenant | Identifies the Apache Kafka tenant being used to access data. Accepts either the tenant's domain name (for example, contoso.onmicrosoft.com ) or its directory (tenant) ID. |
| AzureResource | The Azure Active resource to authenticate to (used during Azure OAuth exchange). |
| Property | Description |
| InitiateOAuth | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. |
| OAuthClientId | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. |
| OAuthClientSecret | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.). |
| OAuthAccessToken | Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange. |
| DelegatedServiceAccounts | Specifies a space-delimited list of service account emails for delegated requests. |
| RequestingServiceAccount | Specifies a service account email to make a delegated request. |
| OAuthSettingsLocation | Specifies the location of the settings file where OAuth values are saved. |
| Scope | Specifies the scopes to request when obtaining an OAuth token from the OIDC token endpoint. |
| OAuthAccessTokenURL | The URL from which the OAuth access token is retrieved. |
| OAuthVerifier | Specifies a verifier code returned from the OAuthAuthorizationURL . Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set. |
| OAuthRefreshToken | Specifies the OAuth refresh token used to request a new access token after the original has expired. |
| OAuthExpiresIn | Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working. |
| OAuthTokenTimestamp | Displays a Unix epoch timestamp in milliseconds that shows how long ago the current access token was created. |
| Property | Description |
| OAuthJWTCert | Supplies the name of the client certificate's JWT Certificate store. |
| OAuthJWTCertType | Identifies the type of key store containing the JWT Certificate. |
| OAuthJWTCertPassword | Provides the password for the OAuth JWT certificate used to access a password-protected certificate store. If the certificate store does not require a password, leave this property blank. |
| OAuthJWTCertSubject | Identifies the subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate. |
| Property | Description |
| KerberosKeytabFile | Specifies the path to the keytab file that contains the Kerberos principals and encrypted keys used for authentication. |
| KerberosSPN | Specifies the full Kerberos service principal name (SPN) of the Kafka broker. |
| KerberosServiceName | Specifies the Kerberos service name used when authenticating to the Kafka broker. |
| UseKerberosTicketCache | Specifies whether the provider uses the Kerberos ticket cache for authentication instead of a keytab file. |
| Property | Description |
| SSLServerCert | Specifies the SSL server certificate or certificate store used to verify the identity of the Apache Kafka broker. |
| SSLServerCertType | Specifies the format of the SSL server certificate used to verify the Apache Kafka broker. |
| SSLServerCertPassword | Specifies the password used to decrypt the server certificate provided in SSLServerCert . |
| SSLClientCert | Specifies the SSL client certificate used to authenticate with the Apache Kafka broker. |
| SSLClientCertType | Specifies the format of the SSL client certificate used to connect to the Apache Kafka broker. |
| SSLClientCertPassword | Specifies the password used to decrypt the certificate provided in SSLClientCert . |
| SSLIdentificationAlgorithm | Specifies the endpoint identification algorithm used to validate the server host name during SSL/TLS connections. |
| Property | Description |
| RegistryURL | Specifies the endpoint of the schema registry. When this property is specified, the driver supports reading Avro and JSON schemas from the server. |
| RegistryService | Specifies the schema registry service that the provider uses to retrieve key and value schemas for Apache Kafka topics. |
| RegistryAuthScheme | Specifies the authentication scheme that the provider uses when connecting to the schema registry. |
| RegistryUser | Specifies the user name used when authenticating to the schema registry with the Basic authentication scheme. |
| RegistryPassword | Specifies the password used when authenticating to the schema registry with the Basic authentication scheme. |
| RegistryClientCert | The TLS/SSL client certificate store for SSL Client Authentication (2-way SSL) with the schema registry. |
| RegistryClientCertType | Specifies the type of key store used by the TLS/SSL client certificate given in RegistryClientCert . |
| RegistryClientCertPassword | Specifies the password for the client certificate store defined in RegistryClientCert. |
| RegistryClientCertSubject | Specifies the subject of the client certificate to select from the certificate store defined in RegistryClientCert. |
| RegistryVersion | Specifies which version of a schema the provider retrieves from the schema registry when resolving topic columns. |
| RegistryServerCert | The certificate to be accepted from the schema registry when connecting using TLS/SSL. |
| SchemaMergeMode | Specifies how the provider exposes schemas with multiple versions. |
| Property | Description |
| FirewallType | Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall. |
| FirewallServer | Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources. |
| FirewallPort | Specifies the TCP port to be used for a proxy-based firewall. |
| FirewallUser | Identifies the user ID of the account authenticating to a proxy-based firewall. |
| FirewallPassword | Specifies the password of the user account authenticating to a proxy-based firewall. |
| Property | Description |
| ProxyAutoDetect | Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server. |
| ProxyServer | Identifies the hostname or IP address of the proxy server through which you want to route HTTP traffic. |
| ProxyPort | Identifies the TCP port on your specified proxy server that has been reserved for routing HTTP traffic to and from the client. |
| ProxyAuthScheme | Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property. |
| ProxyUser | Provides the username of a user account registered with the proxy server specified in the ProxyServer connection property. |
| ProxyPassword | Specifies the password of the user specified in the ProxyUser connection property. |
| ProxySSLType | Specifies the SSL type to use when connecting to the proxy server specified in the ProxyServer connection property. |
| ProxyExceptions | Specifies a semicolon-separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property. |
| Property | Description |
| LogModules | Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged. |
| Property | Description |
| Location | Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path. |
| Property | Description |
| AllowKeyOnlyRegistryTopics | Specifies whether the provider exposes key-only Schema Registry topics as tables. |
| AWSWorkloadIdentityConfig | Configuration properties to provide when using Workload Identity Federation via AWS. |
| AzureWorkloadIdentityConfig | Configuration properties to provide when using Workload Identity Federation via Azure. |
| CompressionType | Specifies the compression algorithm that the provider uses when producing messages to Apache Kafka. |
| ConsumerProperties | Specifies additional Kafka consumer configuration options that the provider passes directly to the underlying Kafka client. |
| CreateTablePartitions | Specifies the number of partitions to assign to a topic created through a CREATE TABLE statement. |
| CreateTableReplicationFactor | Specifies the the number of replicas to assign to a topic created through a CREATE TABLE statement. |
| EnableIdempotence | Specifies whether the provider ensures that produced messages are delivered in order and without duplicates. |
| ExposeQueueMetadataColumns | Specifies whether the Partition, Offset, and Timestamp columns are exposed. |
| FlattenArrays | Specifies how many elements to return from nested arrays when TypeDetectionScheme is set to SchemaRegistry. |
| GenerateSchemaFiles | Indicates the user preference as to when schemas should be generated and saved. |
| HideUnusedColumns | Determines whether to hide key or value colums when the topic has no associated schema information. |
| MaximumBatchSize | Specifies the maximum size, in bytes, of a batch of messages that the provider gathers before sending the batch to Apache Kafka. |
| MaxRows | Specifies the maximum number of rows returned for queries that do not include either aggregation or GROUP BY. |
| MessageKeyColumn | Specifies the name of the column where the provider stores the message key for each record. |
| MessageKeyType | The type of data stored in message keys. |
| NonRegistryTypeDetectionScheme | Specifies the TypeDetectionScheme to use for topics that do not have schemas in the schema registry. |
| OffsetResetStrategy | Specifies how the provider determines the starting offset when no committed offset exists for the consumer group. |
| Other | Specifies advanced connection properties for specialized scenarios. Use this property only under the guidance of our Support team to address specific issues. |
| Pagesize | Specifies the maximum number of rows that the provider retrieves from Apache Kafka in a single read operation. |
| ProducerProperties | Specifies additional Apache Kafka producer configuration options that the provider passes directly to the client. |
| ReadDuration | Specifies how long, in seconds, the provider waits for additional messages after a read operation begins. |
| Readonly | Toggles read-only access to Apache Kafka from the provider. |
| RowScanDepth | Specifies the maximum number of messages that the provider scans to determine the columns and data types for a topic. |
| SASLOAuthExtensions | Specifies the extension values to send with OAuth auth schemes. |
| SchemaRegistryOnly | Specifies whether the provider connects only to the schema registry. |
| SerializationFormat | Specifies how to serialize/deserialize message contents. |
| Timeout | Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. |
| TypeDetectionScheme | Specifies how the provider determines the available fields and data types for each topic. |
| UseConfluentAvroFormat | Specifies how Avro data should be formatted during an INSERT. |
| UserDefinedViews | Specifies a filepath to a JSON configuration file that defines custom views. The provider automatically detects and uses the views specified in this file. |
| ValidateRegistryTopics | Specifies whether or not to validate schema registry topics against the Apache Kafka broker. Only has an effect when TypeDetectionScheme =SchemaRegistry. |
| WorkloadPoolId | The ID of your Workload Identity Federation pool. |
| WorkloadProjectId | The ID of the Google Cloud project that hosts your Workload Identity Federation pool. |
| WorkloadProviderId | The ID of your Workload Identity Federation pool provider. |