Handle rotation of password in spring cloud stream consumers when connected to MSK kafka

Question

I have a Kafka consumer written using Spring Cloud Stream which connects to Kafka deployed on Amazon MSK cluster with secret manager for periodic password rotation.

Problem:

Do I need to re-instantiate the application on every password rotation? If yes, is there a standard way to do it using Spring Cloud Stream?

Current solution: We have implemented a health check based on the Spring actuator. In case of binder connection failure we restart the ECS.

The current solution is very un-stable as we are still getting SASLAuthentication exception which is not captured by the health check and there is no re-instantiation of the application

Please, suggest me a way out.

@gary-russell Could you please suggest – Hari Pillai Nov 08 '21 at 06:37 — Hari Pillai, Nov 08 '21 at 06:37

score 0 · Answer 1 · answered Nov 09 '21 at 19:46

You can reconfigure the consumer and producer factory (with the new credentials).

On the producer side, call reset() on the factory to close the existing producer(s) and reconnect on demand.

On the consumer side, you can stop() and start() the KafkaListenerEndpointRegistry to close and reconnect the consumers.

Handle rotation of password in spring cloud stream consumers when connected to MSK kafka

1 Answers1