Skip to content

Kafka Connection String

Service Name: Apache Kafka

Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. Initially conceived as a messaging queue, Kafka is based on an abstraction of a distributed commit log.

Service Address: https://kafka.apache.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the broker level using network ACLs or security groups depending on deployment environment.

Secret Access Scope: Grants access to Kafka clusters, topics, and the ability to produce and consume messages.

Secret Revokement URL: Does not exist (managed through broker configuration)

Secret Example: kafka://user:password@hostname:9092/topic

Suspicious Activity Investigation Instructions:

  • Review Kafka broker logs for unusual connection patterns or authentication failures
  • Check consumer group offsets for unexpected changes or unusual consumption patterns
  • Monitor for abnormal message production rates or sizes
  • Examine topic access patterns for unauthorized access attempts
  • Review any audit logs if enabled in your Kafka deployment
  • Check for unusual topic creation or deletion activities

Mitigation Instructions:

  • Rotate the credentials in the connection string immediately

  • Update all applications using the compromised connection string

  • Enable or review ACL permissions for the affected users
  • Consider implementing TLS for encrypted connections if not already in use
  • Implement IP-based restrictions at the broker level if possible
  • Review and update authentication mechanisms (SASL, OAuth, etc.)
  • Consider implementing a secrets management solution to avoid hardcoding

connection strings

  • Enable audit logging for better visibility into access patterns