<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:26:09 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3173] Support secure Kafka transport on ref envs</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3173</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;As described in &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/~mage.air/Kafka+Security&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/~mage.air/Kafka+Security&lt;/a&gt; TLS transport will be the basis on which Kafka auth and tenant seperation is going to be built.&lt;/p&gt;

&lt;p&gt;While we don&apos;t need ref envs to provide secure Kafka (including ACLs) as these are ephemeral dev envs we will need to make sure that the new transport is supported. E.g either using pregenerated certs or by ignoring them.&lt;/p&gt;</description>
                <environment></environment>
        <key id="79735">FOLIO-3173</key>
            <summary>Support secure Kafka transport on ref envs</summary>
                <type id="10005" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium">Story</type>
                                            <priority id="10003" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p4.svg">P4</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</reporter>
                                    <labels>
                    </labels>
                <created>Tue, 25 May 2021 13:57:06 +0000</created>
                <updated>Fri, 5 May 2023 08:35:55 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>7</watches>
                                                                <comments>
                                                            <comment id="189678" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 22 Jun 2021 13:52:19 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; class=&quot;user-hover&quot; rel=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; data-account-id=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; accountid=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; rel=&quot;noreferrer&quot;&gt;Vladimir Shalaev&lt;/a&gt; Just to clarify &amp;#8211; the TLS support will still optional right? E.g no module will require TLS and refuse to work if TLS transport was not enabled. Please clarify.&lt;/p&gt;</comment>
                                                            <comment id="189681" author="712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad" created="Tue, 22 Jun 2021 17:33:58 +0000"  >&lt;p&gt;Correct&lt;/p&gt;

&lt;p&gt;Modules can be configured to use or not to use TLS&lt;/p&gt;</comment>
                                                            <comment id="189683" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Thu, 8 Jul 2021 12:07:57 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f9abc1eb45b2e007453f423&quot; class=&quot;user-hover&quot; rel=&quot;5f9abc1eb45b2e007453f423&quot; data-account-id=&quot;5f9abc1eb45b2e007453f423&quot; accountid=&quot;5f9abc1eb45b2e007453f423&quot; rel=&quot;noreferrer&quot;&gt;John Malconian&lt;/a&gt; are there any updates on this?&lt;/p&gt;</comment>
                                                            <comment id="189684" author="5f9abc1eb45b2e007453f423" created="Thu, 15 Jul 2021 17:23:26 +0000"  >&lt;p&gt;In order to enable TLS-based Kafka authentication all FOLIO modules that consume or produce Kafka topics directly will require additional Kafka-client SSL configuration which will vary between Vert.x-based and Spring-based modules.    IMO,  this job should be broken into at least two parts:&lt;/p&gt;

&lt;p&gt;1.  Enable SSL and PLAINTEXT connectivity between Kafka server and clients.  This will allow us to add the appropriate SSL connection options to each client module one at a time.  &lt;/p&gt;

&lt;p&gt;2. Once all client modules have been migrated to SSL and verified to work properly,  we can enforce TLS-based authentication.  &lt;/p&gt;</comment>
                                                            <comment id="189687" author="712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad" created="Thu, 15 Jul 2021 18:42:12 +0000"  >&lt;p&gt;The tasks to configure modules are already implemented&lt;/p&gt;</comment>
                                                            <comment id="189688" author="63e2a2771b13d42998e4e706" created="Tue, 20 Jul 2021 09:05:55 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; class=&quot;user-hover&quot; rel=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; data-account-id=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; accountid=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; rel=&quot;noreferrer&quot;&gt;Vladimir Shalaev&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;The tasks to configure modules are already implemented&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;It seems that 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MSEARCH-105&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MSEARCH-105&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Use TLS for Kafka connection&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MSEARCH-105
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 were required for mod-search to support configuration for this.&lt;/p&gt;

&lt;p&gt;Does that mean that all of the other modules that use Kafka also need to accept those same environment variables?&lt;/p&gt;

&lt;p&gt;If so, at least some of the affected modules (mod-inventory-storage, mod-inventory) have not implemented these changes yet and AFAIK no work has been prioritised to do so.&lt;/p&gt;

&lt;p&gt;(I thought that it was stated in the Tech Leads meeting that no changes were needed to individual modules to make this change).&lt;/p&gt;</comment>
                                                            <comment id="189690" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 10 Aug 2021 13:24:15 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f9abc1eb45b2e007453f423&quot; class=&quot;user-hover&quot; rel=&quot;5f9abc1eb45b2e007453f423&quot; data-account-id=&quot;5f9abc1eb45b2e007453f423&quot; accountid=&quot;5f9abc1eb45b2e007453f423&quot; rel=&quot;noreferrer&quot;&gt;John Malconian&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; class=&quot;user-hover&quot; rel=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; data-account-id=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; accountid=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; rel=&quot;noreferrer&quot;&gt;Drif Abdenour&lt;/a&gt; Kafka SSL env vars are already specified in the MD for &lt;a href=&quot;https://github.com/folio-org/mod-remote-storage/blob/master/descriptors/ModuleDescriptor-template.json&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-remote-storage/blob/master/descriptors/ModuleDescriptor-template.json&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Next steps:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;configure Kafka to work in both PLAINTEXT and SSL modes &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f9abc1eb45b2e007453f423&quot; class=&quot;user-hover&quot; rel=&quot;5f9abc1eb45b2e007453f423&quot; data-account-id=&quot;5f9abc1eb45b2e007453f423&quot; accountid=&quot;5f9abc1eb45b2e007453f423&quot; rel=&quot;noreferrer&quot;&gt;John Malconian&lt;/a&gt; will look into this next week&lt;/li&gt;
	&lt;li&gt;enable SSL connectivity in FOLIO modules: mod-remote-storage, mod-inventory-storage &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; class=&quot;user-hover&quot; rel=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; data-account-id=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; accountid=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; rel=&quot;noreferrer&quot;&gt;Drif Abdenour&lt;/a&gt; will provide a full list of modules&lt;/li&gt;
	&lt;li&gt;enable SSL authentication in Kafka (disables PLAINTEXT connections)&lt;/li&gt;
&lt;/ul&gt;
</comment>
                                                            <comment id="189693" author="63e2a2771b13d42998e4e706" created="Tue, 10 Aug 2021 13:58:31 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;enable SSL connectivity in FOLIO modules: mod-remote-storage, mod-inventory-storage&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;How can this be done if the module does not support the environment variables needed for this (as I believe is the case for mod-inventory-storage)?&lt;/p&gt;</comment>
                                                            <comment id="189697" author="712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad" created="Mon, 16 Aug 2021 10:44:11 +0000"  >&lt;p&gt;Issues linked to &lt;a href=&quot;https://folio-org.atlassian.net/browse/UXPROD-2929&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/UXPROD-2929&lt;/a&gt; are ment to add security configuration support to all modules with kafka usage&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                                                            <comment id="189702" author="712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152" created="Tue, 17 Aug 2021 22:03:11 +0000"  >&lt;p&gt;This is the list of the modules that need the SSL configuration &lt;br/&gt;
 mod-search : ready to accept env variables, it contains the new variables in module descriptor&lt;br/&gt;
 mod-remote-storage: ready to accept env variables, it contains the new variables in module descriptor&lt;br/&gt;
 mod-pubsub: ready to accept env variables, it DOES NOT contain the new variables in module descriptor&lt;br/&gt;
 mod-source-record-storage : ready to accept env variables, it DOES NOT contain the new variables in module descriptor&lt;br/&gt;
 mod-source-record-manager: ready to accept env variables, it DOES NOT contain the new variables in module descriptor&lt;br/&gt;
 mod-inventory: ready to accept env variables, it DOES NOT contain the new variables in module descriptor&lt;br/&gt;
 mod-inventory-storage : does not support the environment variables&lt;br/&gt;
 mod-data-import : ready to accept env variables, it DOES NOT contain the new variables in module descriptor&lt;/p&gt;</comment>
                                                            <comment id="189705" author="557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a" created="Wed, 18 Aug 2021 08:25:07 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; class=&quot;user-hover&quot; rel=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; data-account-id=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; accountid=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; rel=&quot;noreferrer&quot;&gt;Drif Abdenour&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;mod-source-record-storage,&#160;mod-source-record-manager,&#160;mod-inventory and&#160;mod-data-import DO support env variables - it was added in folio-kafka-wrapper lib that is used in the specified modules, so every Kafka security prop that was required in&#160;
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODPUBSUB-171&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPUBSUB-171&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Provide properties for Kafka security in kafka-wrapper&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODPUBSUB-171
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;a href=&quot;https://folio-org.atlassian.net/wiki/pages/viewpage.action?spaceKey=~mage.air&amp;amp;title=Kafka+Security&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/pages/viewpage.action?spaceKey=~mage.air&amp;amp;title=Kafka+Security&lt;/a&gt;&#160;can be passed for those modules.&lt;/p&gt;</comment>
                                                            <comment id="189708" author="712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152" created="Wed, 18 Aug 2021 08:33:15 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; class=&quot;user-hover&quot; rel=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; data-account-id=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; accountid=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; rel=&quot;noreferrer&quot;&gt;Kateryna Senchenko&lt;/a&gt;&#160;, Thank you for clarifying this , i already edited my comment .&#160;&lt;/p&gt;</comment>
                                                            <comment id="189710" author="63e2a2771b13d42998e4e706" created="Wed, 18 Aug 2021 09:26:52 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Addc9bb7b-6444-4731-9688-566a04c9307c&quot; class=&quot;user-hover&quot; rel=&quot;557058:ddc9bb7b-6444-4731-9688-566a04c9307c&quot; data-account-id=&quot;557058:ddc9bb7b-6444-4731-9688-566a04c9307c&quot; accountid=&quot;557058:ddc9bb7b-6444-4731-9688-566a04c9307c&quot; rel=&quot;noreferrer&quot;&gt;Jeremy Huff&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=615afd1cd9820f0070a09ef0&quot; class=&quot;user-hover&quot; rel=&quot;615afd1cd9820f0070a09ef0&quot; data-account-id=&quot;615afd1cd9820f0070a09ef0&quot; accountid=&quot;615afd1cd9820f0070a09ef0&quot; rel=&quot;noreferrer&quot;&gt;Zak Burke&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;As described in &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/~mage.air/Kafka+Security&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/~mage.air/Kafka+Security&lt;/a&gt; TLS transport will be the basis on which Kafka auth and tenant seperation is going to be built.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;This document is in a personal workspace and marked as draft. Should this be considered the official policy for Kafka security in FOLIO? And if so, should it be moved to the section of the decision log that includes Kafka documentation?&lt;/p&gt;</comment>
                                                            <comment id="189712" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 24 Aug 2021 13:15:59 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=63e2a2771b13d42998e4e706&quot; class=&quot;user-hover&quot; rel=&quot;63e2a2771b13d42998e4e706&quot; data-account-id=&quot;63e2a2771b13d42998e4e706&quot; accountid=&quot;63e2a2771b13d42998e4e706&quot; rel=&quot;noreferrer&quot;&gt;Marc Johnson&lt;/a&gt; I think it&apos;s a good idea to move it out from the personal workspace.&lt;/p&gt;</comment>
                                                            <comment id="189713" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 24 Aug 2021 13:23:03 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; class=&quot;user-hover&quot; rel=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; data-account-id=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; accountid=&quot;712020:614f8bc3-fc5f-4aef-9545-5c5fc7ad9152&quot; rel=&quot;noreferrer&quot;&gt;Drif Abdenour&lt;/a&gt; are you able to pick this ticket up and do the following:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;reconfigure Kafka provisioned through folio-ansible on ref envs to support SSL&lt;/li&gt;
	&lt;li&gt;generate keys using the appropriate tools and place them in the keystores&lt;/li&gt;
	&lt;li&gt;configure modules that support the SSL env vars with Kafka SSL config&lt;/li&gt;
&lt;/ul&gt;
</comment>
                                                            <comment id="189716" author="712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad" created="Thu, 9 Sep 2021 09:42:00 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; , &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=63e2a2771b13d42998e4e706&quot; class=&quot;user-hover&quot; rel=&quot;63e2a2771b13d42998e4e706&quot; data-account-id=&quot;63e2a2771b13d42998e4e706&quot; accountid=&quot;63e2a2771b13d42998e4e706&quot; rel=&quot;noreferrer&quot;&gt;Marc Johnson&lt;/a&gt; &lt;/p&gt;



&lt;p&gt;I was planning to move it to public space as soon as we finish testing anfd create documentation for setting up different types of environments.&lt;/p&gt;</comment>
                                                            <comment id="189718" author="63e2a2771b13d42998e4e706" created="Thu, 9 Sep 2021 09:45:27 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; class=&quot;user-hover&quot; rel=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; data-account-id=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; accountid=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; rel=&quot;noreferrer&quot;&gt;Vladimir Shalaev&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thanks for responding to my question.&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;I was planning to move it to public space as soon as we finish testing anfd create documentation for setting up different types of environments.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Is the document intended to be implementation guidance for folks or an official policy on recommended Kafka Security (or both)? &lt;/p&gt;

</comment>
                                                            <comment id="189721" author="712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad" created="Thu, 9 Sep 2021 11:09:02 +0000"  >&lt;p&gt;I expect it to be a guidance for configuring secure Kafka connections &lt;em&gt;when needed&lt;/em&gt;. And particular hoster/installation can decide if they need it or not.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;In general that&apos;s not an invention - this is simply usage of existing security mechanisms provided by Kafka and kafka bundled library.&lt;/p&gt;</comment>
                                                            <comment id="189723" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Thu, 9 Sep 2021 13:34:11 +0000"  >&lt;p&gt;@malc there is a question from &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A120c128f-75c5-46ef-96df-d1ae8e8a33b0&quot; class=&quot;user-hover&quot; rel=&quot;712020:120c128f-75c5-46ef-96df-d1ae8e8a33b0&quot; data-account-id=&quot;712020:120c128f-75c5-46ef-96df-d1ae8e8a33b0&quot; accountid=&quot;712020:120c128f-75c5-46ef-96df-d1ae8e8a33b0&quot; rel=&quot;noreferrer&quot;&gt;Aliaksei Luhavy&lt;/a&gt; regarding this ticket on where to store certs generated for the modules?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                            <outwardlinks description="blocks">
                                        <issuelink>
            <issuekey id="28792">MSEARCH-105</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzx1ao:c</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="388">DevOps Sprint 120</customfieldvalue>
    <customfieldvalue id="389">DevOps Sprint 121</customfieldvalue>
    <customfieldvalue id="1830">DevOps Sprint 116</customfieldvalue>
    <customfieldvalue id="279">DevOps Sprint 122</customfieldvalue>
    <customfieldvalue id="280">DevOps Sprint 123</customfieldvalue>
    <customfieldvalue id="281">DevOps Sprint 124</customfieldvalue>
    <customfieldvalue id="1993">DevOps Sprint 115</customfieldvalue>
    <customfieldvalue id="1994">DevOps Sprint 117</customfieldvalue>
    <customfieldvalue id="1995">DevOps Sprint 118</customfieldvalue>
    <customfieldvalue id="236">Kitfox: sprint 165</customfieldvalue>
    <customfieldvalue id="1996">DevOps Sprint 119</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 22 Jun 2021 17:33:58 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>