Securing connections for Talend Data Stewardship

To secure connections between Talend Data Stewardship, the MongoDB server, and Apache Kafka, you need to edit the data-stewardship.properties file.

Important: In the following procedure, the MongoDB server module, the Apache Kafka module, and other Talend Data Stewardship modules must all use the same truststore.

Procedure

Open the <installation_folder>/tds/config/data-stewardship.properties file.
To trust the server certificate used by Talend Data Stewardship, add the following properties with the appropriate values:
```
#Keystore configuration
server.ssl.key-store=<keystore_path>/keystore.jks
server.ssl.key-store-password=<keystore_password>
server.ssl.key-alias=<certificate_alias>
server.ssl.key-store-type=JKS
server.ssl.enabled=true
server.ssl.protocol=TLS
server.ssl.client-auth=none
server.tomcat.max-threads=150
```
For the server.ssl.client-auth property, you can set it to want or need to reinforce the security.
By default, Spring Boot uses the default truststore (cacerts) located in the java/lib/security folder. If the default truststore corresponds to your needs, you do not need to add anything related to the truststore.
In <installation_folder>/iam/config/clientstds-client.json, update all http to https.
To secure connections with MongoDB, add the following properties with the appropriate values:
```
spring.data.mongodb.ssl=true
spring.data.mongodb.ssl.trust-store=<truststore_path>
spring.data.mongodb.ssl.trust-store-password=<truststore_password>
```
To enable SSL support on MongoDB, see MongoDB documentation.
To secure connections with Kafka using communication encryption only, add the following properties with the appropriate values:
```
kafka.security.protocol=SSL
kafka.ssl.truststore.location=<truststore_path>
kafka.ssl.truststore.password=<truststore_password>
```
To secure connections with Kafka using authentication, add the following properties with the appropriate values:
```
kafka.ssl.keystore.location=<keystore_path>
kafka.ssl.keystore.password=<keystore_password>
kafka.ssl.key.password=<key_password>
```
Note that the communication encryption parameters must also be defined to use authentication.

To secure connections with the message broker, add the following properties with the appropriate values:

spring.cloud.stream.kafka.binder.configuration.security.protocol=SSL
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=<truststore_path>
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password=<truststore_password>
spring.cloud.stream.kafka.binder.configuration.ssl.keystore.location=<keystore_path>
spring.cloud.stream.kafka.binder.configuration.ssl.keystore.password=<keystore_password>
spring.cloud.stream.kafka.binder.configuration.ssl.key.password=<key_password>
spring.cloud.stream.kafka.binder.configuration.ssl.endpoint.identification.algorithm=<ssl_algorithm>
spring.kafka.properties.security.protocol=SSL
spring.kafka.properties.ssl.truststore.location=<truststore_path>
spring.kafka.properties.ssl.truststore.password=<truststore_password>
spring.kafka.properties.ssl.keystore.location=<keystore_path>
spring.kafka.properties.ssl.keystore.password=<keystore_password>
spring.kafka.properties.ssl.key.password=<key_password>

To enable SSL support on Kafka, see Kafka documentation.

Change the gateway URLs from http to https:

frontend.url=https://<server>:${frontend.server.port}
backend.url=https://<server>:${core.server.port}
schemaservice.url=https://<server>:${schema.server.port}
historyservice.url=https://<server>:${history.server.port}
monitoringservice.url=https://<server>:${monitoring.server.port}
gateway.url=https://<server>:${gateway.server.port}

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here