Apache Kafka API Secret
Service Name: Apache Kafka
Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. Initially conceived as a messaging queue, Kafka is based on an abstraction of a distributed commit log. It's used for building real-time data pipelines and streaming applications.
Service Address: https://kafka.apache.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the broker level using Kafka's security features including ACLs and network segmentation.
Secret Access Scope: Grants access to produce and consume messages from Kafka topics, manage topics, consumer groups, and other Kafka resources depending on the configured permissions.
Secret Revokement URL: Does not exist (Kafka uses a configuration-based approach for credential management)
Secret Example: 9Ybq2sND4wCXekUImXaYbHPza7RuPXcKJDNO8k3LpZA
Suspicious Activity Investigation Instructions:
- Review Kafka broker logs for unusual connection patterns or authentication attempts
- Check consumer group offsets for unexpected changes or resets
- Monitor topic creation, deletion, or configuration changes
- Analyze message throughput patterns for anomalies
- Review ACL changes or permission modifications
- Check for unusual client connections from unexpected IP addresses
Mitigation Instructions:
- Rotate the compromised API secret by updating the client's JAAS configuration
file
- Update the server-side authentication configuration to invalidate the old
credentials
- Implement or update ACLs to restrict access to sensitive topics
- Enable audit logging to track future authentication and authorization events
- Consider implementing additional security measures like TLS encryption for
client-broker communication
- Review and update network segmentation to limit broker access to trusted
networks only
- Implement a regular credential rotation policy to minimize exposure risk