Hans-Peter Grahsl

Hans-Peter Grahsl


Hans-Peter is a technical trainer and responsible for the internal education department at NETCONOMY GmbH in Graz, Austria. As an independent engineer and consultant he is supporting customers during the conception and implementation of either cloud-based or on-premises data architectures using modern technology stacks. He used to be an associate lecturer for Software Engineering at CAMPUS 02 for 10 years and is regularly speaking at developer conferences. For his code contributions, conference talks and blog post writing at the intersection of the Apache Kafka and MongoDB communities, Hans-Peter received the Confluent Community Catalyst award 3 times in a row and became one of the founding members of the MongoDB Champions Program in 2020.

Twitter : @hpgrahsl


Track : Big Data, Machine Learning, IA & Analytics

Type de présentation : Conference

Client-Side Field-Level Encryption for Apache Kafka Connect

Apache Kafka offers several security features ranging from authentication and authorisation mechanisms to over-the-wire encryption. This notwithstanding, data encryption performed at the client-side, which leads to explicit data-at-rest protection in topics at the broker's side, can still be considered a blind spot.

After highlighting the main benefits for data-at-rest protection, this session discusses in-depth how to selectively encrypt and decrypt sensitive payload fields in the context of Apache Kafka Connect pipelines. In particular, Kryptonite is introduced which is an ecosystem community project written and open-sourced by the speaker in 2021.

During this talk, you will learn how to benefit from a configurable single message transformation that lets you perform encryption and decryption operations in Kafka Connect worker nodes without any custom code. Client-side cryptography makes your Kafka-based data integration scenarios more secure by safeguarding the most sensitive and precious data against any form of uncontrolled or illegal access once it hits the Apache Kafka brokers.