Enable security and authentication
The ConfigProvider feature can be utilized to prevent secrets and sensitive information from appearing in cleartext within connector configurations. ConfigProvider allows you to securely store and retrieve configuration properties, including sensitive ones, outside of the connector configuration files.
SSM Configuration Provider allows variable references to be replaced with values from SSM parameter on each worker. For example, instead of having sensitive information like secret in the configuration property, it can be configured in the SSM parameter and used as a variable in connector configurations.
Variables that refer by name to a SSMConfigProvider should be in the form ${provider:[path]:key}
app.secret=${ssm:/config/kafka/connect/:appKey}The following properties have to be added to the connect worker to enable it to use SSM Configuration Provider.
config.providers=ssmconfig.providers.ssm.class=com.trimble.tcp.events.kafka.connect.config.ssm.SsmConfigProviderThe following optional parameters are specific to the SSM Configuration Provider:
| Name | Description |
|---|---|
aws.region | |
The AWS region used by the SSM client. For example us-west-2. | |
api.call.timeout.ms | |
The API call timeout to the SSM in milliseconds. The default value is 2000. | |
prefix | |
ThePrefix that will be added to all paths. For example, you can use /config/kafka/connect/stage or /config/kafka/connect/prod and all the calls to SSM will be prefixed with that path. |
The SSM Configuration Provider parameters should be in the form config.providers.<provider>.param.<parameter>
config.providers.ssm.param.prefix=/config/kafka/connect/stage