Apache Kafka API Key
Service Name: Apache Kafka
Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. It provides a unified, high-throughput, low-latency platform for handling real-time data feeds.
Service Address: https://kafka.apache.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the broker level using Kafka's security features and ACLs (Access Control Lists).
Secret Access Scope: Grants programmatic access to Kafka clusters, allowing applications to produce and consume messages from topics based on the permissions assigned to the API key.
Secret Revokement URL: https://kafka.apache.org/documentation/#security_authz_cli
Secret Example: KAFKAAPI-abcdef123456789ghijklmno- pqrstuvwxyz0123456789ABCDEFGHIJKLM
Suspicious Activity Investigation Instructions:
- Review Kafka broker logs for unusual connection patterns or authentication attempts
- Check for unexpected high-volume message production or consumption
- Monitor for unauthorized topic creation or deletion
- Examine consumer group offsets for unusual changes
- Look for access from unexpected IP addresses or locations
- Verify if there are any unauthorized schema registry operations
Mitigation Instructions:
- Immediately revoke the compromised API key using Kafka's security tools
- Generate a new API key with appropriate permissions
- Update all legitimate applications to use the new API key
- Review and tighten ACL permissions for Kafka resources
- Enable audit logging for all Kafka operations if not already enabled
- Consider implementing IP allowlisting for Kafka broker connections
- Review all topic permissions and consumer group access
- Implement or review encryption settings for data in transit