Skip to content

Apache Kafka API Key

Service Name: Apache Kafka

Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. It provides a unified, high-throughput, low-latency platform for handling real-time data feeds.

Service Address: https://kafka.apache.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the broker level using Kafka's security features and ACLs (Access Control Lists).

Secret Access Scope: Grants programmatic access to Kafka clusters, allowing applications to produce and consume messages from topics based on the permissions assigned to the API key.

Secret Revokement URL: https://kafka.apache.org/documentation/#security_authz_cli

Secret Example: KAFKAAPI-abcdef123456789ghijklmno- pqrstuvwxyz0123456789ABCDEFGHIJKLM

Suspicious Activity Investigation Instructions:

  • Review Kafka broker logs for unusual connection patterns or authentication attempts
  • Check for unexpected high-volume message production or consumption
  • Monitor for unauthorized topic creation or deletion
  • Examine consumer group offsets for unusual changes
  • Look for access from unexpected IP addresses or locations
  • Verify if there are any unauthorized schema registry operations

Mitigation Instructions:

  • Immediately revoke the compromised API key using Kafka's security tools
  • Generate a new API key with appropriate permissions
  • Update all legitimate applications to use the new API key
  • Review and tighten ACL permissions for Kafka resources
  • Enable audit logging for all Kafka operations if not already enabled
  • Consider implementing IP allowlisting for Kafka broker connections
  • Review all topic permissions and consumer group access
  • Implement or review encryption settings for data in transit