Project Metamorphosis: Unveiling the next-gen event streaming platformLearn More
Enterprise-grade Security

Ensure confidentiality, compliance and secure access for Apache Kafka®

Confluent Platform completes Kafka with enterprise-grade security capabilities to ensure confidentiality of critical information, traceability of user actions and secure access to resources with scalability and standardization.


  • Secret Protection

    Secret Protection safeguards all critically sensitive information (e.g passwords and tokens) within Kafka with at-rest encryption of configuration files. It encrypts not only Kafka files, but any config file published to Kafka.

  • Structured Audit Logs

    Structured Audit Logs captures authorization logs in a set of dedicated Kafka topics, on a local or a remote cluster. Use Kafka native tools, such as ksqlDB, to process and analyse, or offload to external systems using Confluent connectors.

  • Role-Based Access Control

    RBAC is a centralized implementation for secure access to Kafka resources with fine-tuned granularity and platform-wide standardization. Control permissions by users/groups to clusters, topics, consumers groups and even individual connectors.

Ensure confidentiality and compliance

Protect critically sensitive information

Avoid risk by ensuring that confidential information, such as user passwords, is only visible to authorized users. Secret Protection provides:

Trace user actions to conduct forensics

Capture the actions taken by users to detect abnormal behavior, identify potential security threats, and address compliance requirements related to information security. Structured Audit Logs allows you:
  • Store authorization logs in dedicated Kafka topics
  • Manage the type of logs that need to be traced
  • Process and analyze using ksqlDB, or offload to external systems using Confluent sink connectors.
To provide industry-backed standardization, Structured Audit Logs uses the CloudEvents specification to define the log syntax.

Enable granular access to critical resources

Build multi-tenant Kafka clusters

Control permissions by users and groups to shared platform resources, such as clusters, topics, and even individual connectors. RBAC allows you to run multi-tenant clusters, allowing for more scalable operations and more efficient use of resources.

Integrate with enterprise security systems

RBAC integrates with existing security authorization systems (AD/LDAP) to allow you to naturally handle permissions using a common user inventory across existing IT systems.

Simplify enterprise-scale Kafka operations

Scale Kafka security management efficiently

Delegate the responsibility of managing access permissions to true resource owners, such as departments and business units. RBAC helps you scale Kafka more efficiently, because it spreads the operational load of managing authorization across a variety of users, which eliminates bottlenecks.

Manage Kafka centrally and visually

Simplifies security management across your organization by using Control Center to view your own permissions, as well as manage role bindings for your downstream stakeholders.

Standardize security across the platform

Leverage a single framework to centrally manage and enforce security authorization across the entire Confluent Platform to ensure security at scale. RBAC delivers comprehensive authorization enforced via:


Sign Up Now

Start your 3-month trial. Get up to $200 off on each of your first 3 Confluent Cloud monthly bills

New signups only.

By clicking “sign up” above you understand we will process your personal information in accordance with our Privacy Policy.

By clicking "sign up" above you agree to the Terms of Service and to receive occasional marketing emails from Confluent. You also understand that we will process your personal information in accordance with our Privacy Policy.

Free Forever on a Single Kafka Broker

The software will allow unlimited-time usage of commercial features on a single Kafka broker. Upon adding a second broker, a 30-day timer will automatically start on commercial features, which cannot be reset by moving back to one broker.

Select Deployment Type
Manual Deployment
  • tar
  • zip
  • deb
  • rpm
  • docker
Auto Deployment
  • kubernetes
  • ansible

By clicking "download free" above you understand we will process your personal information in accordance with our Privacy Policy.

By clicking "download free" above, you agree to the Confluent License Agreement and to receive occasional marketing emails from Confluent. You also agree that your personal data will be processed in accordance with our Privacy Policy.

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising, and analytics partners.