Kafka: Support encrypted TLS keys #25154

Closed
pranavmarla opened this issue Aug 10, 2023 · 6 comments

pranavmarla commented Aug 10, 2023

Component(s)

exporter/kafka, receiver/kafka

Is your feature request related to a problem? Please describe.

Currently, the OTel Kafka clients (exporter and receiver) support TLS authentication via a private key (auth.tls.key_file). However, that key has to be unencrypted, which seems like a security risk. By contrast, the built-in Kafka clients support encrypted TLS keys (specifically, they have an extra param that takes in the password for the TLS key: link)

Describe the solution you'd like

The OTel Kafka clients should have an extra param that takes in a password for the TLS key, just like the built-in Kafka clients. This enables us to authenticate via encrypted TLS key, instead of requiring the key to be unencrypted.

Describe alternatives you've considered

Currently, the only alternative seems to be to remove password protection from the TLS key and supply the unencrypted key to the OTel agent, which seems like a security risk.

Additional context

No response
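The request turns on whether the file behind `auth.tls.key_file` sits on disk in the clear. The Go check below is an added example, not part of the issue or the collector's code. It classifies a PEM key by its framing only, and goes slightly beyond the thread by covering both PKCS#8 and the legacy OpenSSL header format. `ClassifyKeyPEM` and `Samples` are hypothetical names, and the sample inputs are constructed filler, not real keys.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// ClassifyKeyPEM reports "encrypted", "unencrypted" or "no-private-key" for the
// first private key block in data. It inspects PEM framing only and never
// parses or decrypts key material.
func ClassifyKeyPEM(data []byte) string {
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			return "no-private-key"
		}
		if !strings.HasSuffix(block.Type, "PRIVATE KEY") {
			continue // certificate or other block: keep scanning the bundle
		}
		// PKCS#8 encrypted container, or the legacy OpenSSL format that
		// flags encryption in the "Proc-Type: 4,ENCRYPTED" header.
		if block.Type == "ENCRYPTED PRIVATE KEY" ||
			strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED") {
			return "encrypted"
		}
		return "unencrypted"
	}
}

// Samples builds constructed PEM inputs; the payload bytes are filler, not keys.
func Samples() map[string][]byte {
	body := []byte("constructed filler bytes, not real key material")
	enc := func(typ string, hdr map[string]string) []byte {
		return pem.EncodeToMemory(&pem.Block{Type: typ, Headers: hdr, Bytes: body})
	}
	legacy := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00"}
	return map[string][]byte{
		"pkcs8-plain":      enc("PRIVATE KEY", nil),
		"pkcs8-encrypted":  enc("ENCRYPTED PRIVATE KEY", nil),
		"legacy-encrypted": enc("RSA PRIVATE KEY", legacy),
		"cert-then-key":    append(enc("CERTIFICATE", nil), enc("EC PRIVATE KEY", nil)...),
		"cert-only":        enc("CERTIFICATE", nil),
	}
}

func main() {
	for name, data := range Samples() {
		fmt.Printf("%-17s %s\n", name, ClassifyKeyPEM(data))
	}
}
```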

pranavmarla added the enhancement and needs triage labels Aug 10, 2023

@github-actions (Contributor)

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

atoulme (Contributor) commented Sep 9, 2023

This would be best handled through a config provider that would inject the configuration. One such possibility is to use an environment variable for example.

atoulme removed the needs triage label Sep 9, 2023

pranavmarla (Author) commented Sep 9, 2023

> This would be best handled through a config provider that would inject the configuration. One such possibility is to use an environment variable for example.

Thanks @atoulme. So you're saying you don't think this is a feature that should be built into OTEL itself?

atoulme (Contributor) commented Sep 9, 2023

I am saying it should not be specific to this field. It should be a feature available for any field.

github-actions bot (Contributor) commented Nov 9, 2023

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

github-actions bot added the Stale label Nov 9, 2023

github-actions bot (Contributor) commented Jan 8, 2024

This issue has been closed as inactive because it has been stale for 120 days with no activity.

github-actions bot closed this as not planned Jan 8, 2024