Skip to content

Apache Kafka API Secret

Service Name: Apache Kafka

Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. Initially conceived as a messaging queue, Kafka is based on an abstraction of a distributed commit log. It's used for building real-time data pipelines and streaming applications.

Service Address: https://kafka.apache.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the broker level using Kafka's security features including ACLs and network segmentation.

Secret Access Scope: Grants access to produce and consume messages from Kafka topics, manage topics, consumer groups, and other Kafka resources depending on the configured permissions.

Secret Revokement URL: Does not exist (Kafka uses a configuration-based approach for credential management)

Secret Example: 9Ybq2sND4wCXekUImXaYbHPza7RuPXcKJDNO8k3LpZA

Suspicious Activity Investigation Instructions:

  • Review Kafka broker logs for unusual connection patterns or authentication attempts
  • Check consumer group offsets for unexpected changes or resets
  • Monitor topic creation, deletion, or configuration changes
  • Analyze message throughput patterns for anomalies
  • Review ACL changes or permission modifications
  • Check for unusual client connections from unexpected IP addresses

Mitigation Instructions:

  • Rotate the compromised API secret by updating the client's JAAS configuration

file

  • Update the server-side authentication configuration to invalidate the old

credentials

  • Implement or update ACLs to restrict access to sensitive topics
  • Enable audit logging to track future authentication and authorization events
  • Consider implementing additional security measures like TLS encryption for

client-broker communication

  • Review and update network segmentation to limit broker access to trusted

networks only

  • Implement a regular credential rotation policy to minimize exposure risk