# ESS' Kafka Configuration

ESS’ services communicate with each other by sending messages through Kafka. For example:

* [Pod Storage Service](/ess/2.5/services/service-pod-management/service-pod-storage.md) sends resource notification events through Kafka and [WebSocket Notification Service](/ess/2.5/services/service-notification/service-websocket.md) consumes these events.
* ESS services (including the Auditing service) send audit events through Kafka and the [Auditing Service](/ess/2.5/services/service-auditing.md) consumes these events.

The following discusses some key Kafka configurations.

For more information on Kafka configuration, see <https://quarkus.io/guides/kafka#kafka-configuration>.

{% hint style="info" %}
**Tip**\
Kafka **MUST** be configured with topic auto-creation enabled (i.e. **`auto.create.topics.enable = true`** ). See [Custom MSK Configurations](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html).
{% endhint %}

## Configuring Bootstrap Kafka Brokers

You can configure ESS services to connect with Kafka either globally or per channel.

### Global Configuration

To configure globally such that all the ESS’ [message channels](https://quarkus.io/guides/kafka#kafka-configuration) use the same Kafka instance, you can set **`KAFKA_BOOTSTRAP_SERVERS`** configuration.

{% hint style="info" %}
**Note**\
Inrupt-provided [Kustomize overlays](/ess/2.5/installation.md#step-1-initialize-the-installation-directory) include, in the **`kafka-credentials.env`** file, **`KAFKA_BOOTSTRAP_SERVERS`** as an input to update. Set its value as part of updating inputs for your deployment.
{% endhint %}

### Per Channel Configuration

To configure per channel such that the message channel uses a separate Kafka instance, for the services that use the channel, configure the corresponding input and output bootstrap servers for that channel [**`MP_MESSAGING_[INCOMING|OUTGOING]_[CHANNEL]_BOOTSTRAP_SERVERS`**](https://quarkus.io/guides/kafka#kafka-configuration).

## Configuring Password for Encryption and Decryption of Messages

By default, Inrupt enables data encryption for all data that pass through the Kafka messaging system.

{% hint style="info" %}
**Tip**\
You **MUST** set the data encryption key values to a strong password.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inrupt.com/ess/2.5/services/appendix/appendix-kafka-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.