ESS’ Kafka Configuration#
ESS’ services communicate with each other by sending messages through Kafka. For example:
ESS services (including the Auditing service) send audit events through Kafka and the Auditing service consumes these events.
The following discusses some key Kafka configurations.
For more information on Kafka configuration, see https://quarkus.io/guides/kafka#kafka-configuration.
Configuring Bootstrap Kafka Brokers#
You can configure ESS services to connect with Kafka either globally or per channel.
To configure globally such that all the ESS’ message channels use the same
Kafka instance, you can set
Per Channel Configuration#
To configure per channel such that the message channel uses a separate Kafka instance, for the services that use the channel, configure the corresponding input and output bootstrap servers for that channel MP_MESSAGING_[INCOMING|OUTGOING]_[CHANNEL]_BOOTSTRAP_SERVERS.
Configuring Password for Encryption and Decryption of Messages#
By default, Inrupt enables data encryption for all data that pass through the Kafka messaging system.
As part of updating the inputs for your deployment, define the data encryption keys for Kafka.
Specifically, in the
kafka-credentials.env file, downloaded as
part of the installation:
INRUPT_KAFKA_SOLIDRESOURCE_CIPHER_PASSWORDto a strong password. This is used for encrypting and decrypting Solid resource notification events.
INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORDto a strong password. This is used for encrypting and decrypting Audit events.
INRUPT_KAFKA_SOLIDACCESSCONTROLRESOURCE_CIPHER_PASSWORDto a strong password. This is used for encrypting and decrypting Access Control Resource (ACR) notification events.
You MUST set the data encryption key values to a strong password.