Metadata-Version: 2.1
Name: kafkacrypto
Version: 0.9.1
Summary: Message layer security/crypto for Kafka
Home-page: https://github.com/tmcqueen-materials/kafkacrypto
Author: Tyrel M. McQueen
Author-email: tmcqueen-pypi@demoivre.com
License: GNU GPLv2
Description: # kafkacrypto
        Message Layer Encryption for Kafka
        
        Available on PyPI at https://pypi.org/project/kafkacrypto/  
        Available on Github at https://github.com/tmcqueen-materials/kafkacrypto
        
        ## Quick Start
        On every kafka consumer or producer node, do:
          1. `pip3 install kafkacrypto`
          1. [Download](https://github.com/tmcqueen-materials/kafkacrypto/raw/master/tools/simple-provision.py) `simple-provision.py`
          1. Run: `./simple-provision.py` and follow the instructions. Use the same root of trust password on all nodes.
        
        In your producer/consumer code:
        ```python
        from kafkacrypto import KafkaCrypto
        nodeId = 'my-node-ID'
        
        # setup separate consumer/producers for the crypto key passing messages. DO NOT use these for
        # other messages.
        kcc = KafkaConsumer(...your server params...)
        kcp = KafkaProducer(...your server params...)
        kc = KafkaCrypto(nodeId,kcp,kcc)
        
        ... Your code here ...
        
        # Here is how you configure your producer/consumer objects to use the crypto (de)serializers
        producer = KafkaProducer(...,key_serializer=kc.getKeySerializer(), value_serializer=kc.getValueSerializer())
        consumer = KafkaConsumer(...,key_deserializer=kc.getKeyDeserializer(), value_deserializer=kc.getValueDeserializer())
        
        ... Your code here ...
        ```
        
        And that's it! Your producers and consumers should function as normal, but all traffic within Kafka is encrypted. 
        
        If automatic topic creation is disabled, then one more action is needed. For each "root topic" you must create the requisite key-passing topics. By default these are `root.reqs` and `root.keys`, where root is replaced with the root topic name.
        
        ## Root Topics
        
        kafkacrypto uses unique keys on a per-"root topic" basis. A root topic is defined as the topic name before the first user-defined separator. The default separator is "`.`". Thus all of these:  
        `example001`  
        `example001.foo.bar.baz`  
        `example001.foo.bar`  
        `example001.foo`  
        have the same root topic of `example001`, whereas `example001_baz.bar.foo` has the root topic `example001_baz`. Since kafka does not recommend using both "`.`" and "`_`" in topic names, if you wish every topic to use a unique set of keys, use "`_`" (and not "`.`") in names, or change the defined topic separator.
        
        ## Troubleshooting
        If something is not working, enable logging to get detailed information:
        ```python
        import logging
        
        logging.basicConfig(level=logging.WARNING)
        logging.getLogger("kafkacrypto").setLevel(level=logging.INFO) # set to logging.DEBUG for more verbosity
        ```
        
        ## Advanced Usage
        kafkacrypto has been designed to seamlessly support a range of key exchange authorization and delegation mechanisms beyond the simple single-password root of trust. An example of a simple "controller-based" intermediary is included in the main package. The requisite controller can be setup as:
        ```python
        #!/usr/bin/python3
        from kafka import KafkaConsumer, KafkaProducer
        from kafkacrypto import KafkaCryptoController
        
        nodeId = 'controller-name'
        
        # use your normal server parameters in place of the ...
        kcc = KafkaConsumer(..., enable_auto_commit=False, group_id=nodeId)
        kcp = KafkaProducer(...)
        controller = KafkaCryptoController(nodeId,kcp,kcc)
        controller._mgmt_thread.join()
        ```
        The configuration parameters inside the provision script should be adjusted so that the "subscribe" and "key request" suffixes are distinct (see comment in `simple-provision.py`). If automatic topic creation is disabled, then the topic `root.subs` must also be created.
        
        ## Design, Specification, and Security Analysis
        kafkacrypto is already in limited production use, and should be stable enough for broad adoption. However, a detailed security analysis of the kafkacrypto framework is still in progress, and use of this code should be considered experimental.
        
Keywords: kafka kafka-crypto kafka-security security crypo
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)
Classifier: Operating System :: OS Independent
Description-Content-Type: text/markdown
