Francium Tech

Francium's core purpose is to create technology solutions for progressive and forward-thinking…


SSL and SASL Authentication to Amazon MSK with confluent-kafka-python library


Recently I stumbled upon a problem with authenticating to Amazon MSK with one of the most prominent Python libraries, confluent-kafka-python, through two different modes of authentication, one being SSL and the other being SASL. One of them uses keys to encrypt data and the other one uses a username and password for encryption.

Although the PLAINTEXT mechanism can be used to authenticate if your MSK and clients are both in private networks, it does not hurt to have a strong authentication mechanism so that we are always secure.

TLS Encryption

By default, this uses port 9094 in MSK. One of the main things that you shouldn’t pass here is ssl.ca.location. For more details on ports, see https://docs.aws.amazon.com/msk/latest/developerguide/port-info.html

```python
from confluent_kafka import Producer
from datetime import datetime
import json


def main():
    # MSK TLS listeners use port 9094.
    servers = "msk_broker_1:9094,msk_broker_2:9094"
    producer = Producer({
        'bootstrap.servers': servers,
        'security.protocol': 'SSL',
        # Client private key and certificate; ssl.ca.location is left unset.
        'ssl.key.location': './msk_key.pem',
        'ssl.certificate.location': './msk_cert.pem',
        'ssl.key.password': 'the_password'
    })
    data = {
        'message': 'hello world',
        'timestamp': datetime.now().strftime("%m/%d/%Y %H:%M:%S")
    }
    producer.produce('test_topic', json.dumps(data).encode('utf-8'))
    # produce() only queues the message; flush() blocks until it is delivered.
    producer.flush()


if __name__ == "__main__":
    main()
```

SASL Authentication (using SCRAM)

By default, this uses port 9096 in MSK.

```python
from confluent_kafka import Producer
from datetime import datetime
import json


def main():
    # MSK SASL/SCRAM listeners use port 9096.
    servers = "msk_broker_1:9096,msk_broker_2:9096"
    producer = Producer({
        'bootstrap.servers': servers,
        # librdkafka has no 'SASL' protocol value; SCRAM on MSK runs over TLS.
        'security.protocol': 'SASL_SSL',
        # confluent-kafka-python takes dotted librdkafka property names.
        'sasl.username': 'the_username',
        'sasl.password': 'the_password',
        'sasl.mechanism': 'SCRAM-SHA-512'
    })
    data = {
        'message': 'hello world',
        'timestamp': datetime.now().strftime("%m/%d/%Y %H:%M:%S")
    }
    producer.produce('test_topic', json.dumps(data).encode('utf-8'))
    # produce() only queues the message; flush() blocks until it is delivered.
    producer.flush()


if __name__ == "__main__":
    main()
```
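
A pre-flight check for the two kinds of configuration described above, added here as an example and not part of the original article or of confluent-kafka-python: it flags kafka-python style key names, an invalid security.protocol value, and a broker port that does not match the protocol (9094 for SSL, 9096 for SASL_SSL). The helper name lint_msk_config and both sample configs are constructed for illustration.

```python
# Added example: pre-flight lint for a confluent-kafka-python config aimed at MSK.
# lint_msk_config is a hypothetical helper; the ports are the ones the article gives.
PORT_PROTOCOL = {9094: "SSL", 9096: "SASL_SSL"}
VALID_PROTOCOLS = {"PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"}
# kafka-python style names that librdkafka rejects, with the dotted equivalent.
WRONG_KEYS = {
    "sasl_plain_username": "sasl.username",
    "sasl_plain_password": "sasl.password",
    "sasl_mechanism": "sasl.mechanism",
}

def lint_msk_config(conf):
    """Return a list of problems found in conf; an empty list means none."""
    problems = [f"{k}: use {WRONG_KEYS[k]}" for k in conf if k in WRONG_KEYS]
    protocol = str(conf.get("security.protocol", "PLAINTEXT")).upper()
    if protocol not in VALID_PROTOCOLS:
        problems.append(f"security.protocol: {protocol} is not a valid value")
    for server in conf.get("bootstrap.servers", "").split(","):
        host, _, port = server.strip().rpartition(":")
        expected = PORT_PROTOCOL.get(int(port)) if port.isdigit() else None
        if expected and expected != protocol:
            problems.append(f"{host}:{port}: port expects {expected}, got {protocol}")
    if protocol.startswith("SASL") and not (
        conf.get("sasl.username") and conf.get("sasl.password")
    ):
        problems.append("sasl.username/sasl.password: missing")
    if "ssl.ca.location" in conf:
        problems.append("ssl.ca.location: the article says not to set this for MSK")
    return problems

# Constructed sample configs with placeholder brokers and credentials.
BAD = {
    "bootstrap.servers": "msk_broker_1:9096,msk_broker_2:9096",
    "security.protocol": "SASL",
    "sasl_plain_username": "the_username",
    "sasl_plain_password": "the_password",
    "sasl_mechanism": "SCRAM-SHA-512",
}
GOOD = {
    "bootstrap.servers": "msk_broker_1:9096,msk_broker_2:9096",
    "security.protocol": "SASL_SSL",
    "sasl.username": "the_username",
    "sasl.password": "the_password",
    "sasl.mechanism": "SCRAM-SHA-512",
}

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint_msk_config(conf))
```

Running the check before constructing the Producer turns a misnamed property or a protocol/port mismatch into a readable message instead of a connection that silently never authenticates.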

Francium Tech is a technology company laser-focused on delivering top-quality software of scale at extreme speeds. The numbers and size of the data excite us. If you have any requirements in building a large-scale application or want a free health check of your systems or architecture, feel free to shoot an email to contact@francium.tech, and we will get in touch with you!


Published in Francium Tech

Francium's core purpose is to create technology solutions for progressive and forward-thinking organizations to empower their ascendancy and to magnify their impact.
