# ESS' Kafka Configuration

ESS’ services communicate with each other by sending messages through Kafka. For example:

* [Pod Storage Service](https://docs.inrupt.com/ess/2.3/services/service-pod-management/service-pod-storage) sends resource notification events through Kafka and [WebSocket Notification Service](https://docs.inrupt.com/ess/2.3/services/service-notification/service-websocket) consumes these events.
* ESS services (including the Auditing service) send audit events through Kafka and the [Auditing Service](https://docs.inrupt.com/ess/2.3/services/service-auditing) consumes these events.

The following discusses some key Kafka configurations.

For more information on Kafka configuration, see <https://quarkus.io/guides/kafka#kafka-configuration>.

{% hint style="info" %}
**Tip**\
Kafka **MUST** be configured with topic auto-creation enabled (i.e. **`auto.create.topics.enable = true`** ). See [Custom MSK Configurations](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html).
{% endhint %}

## Configuring Bootstrap Kafka Brokers

You can configure ESS services to connect with Kafka either globally or per channel.

### Global Configuration

To configure globally such that all the ESS’ [message channels](https://quarkus.io/guides/kafka#kafka-configuration) use the same Kafka instance, you can set **`KAFKA_BOOTSTRAP_SERVERS`** configuration.

{% hint style="info" %}
**Note**\
Inrupt-provided [Kustomize overlays](https://docs.inrupt.com/ess/installation#step-1-initialize-the-installation-directory) include, in the **`kafka-credentials.env`** file, **`KAFKA_BOOTSTRAP_SERVERS`** as an input to update. Set its value as part of updating inputs for your deployment.
{% endhint %}

### Per Channel Configuration

To configure per channel such that the message channel uses a separate Kafka instance, for the services that use the channel, configure the corresponding input and output bootstrap servers for that channel [**`MP_MESSAGING_[INCOMING|OUTGOING]_[CHANNEL]_BOOTSTRAP_SERVERS`**](https://quarkus.io/guides/kafka#kafka-configuration).

## Configuring Password for Encryption and Decryption of Messages

By default, Inrupt enables data encryption for all data that pass through the Kafka messaging system.

{% hint style="info" %}
**Tip**\
You **MUST** set the data encryption key values to a strong password.
{% endhint %}