When an enterprise subscribes to Confluent Cloud™ services, its data is encrypted in motion and at rest. This document outlines our recommended approach to designing “end-to-end encryption” into Kafka clients, in other words, encryption both in motion and at rest. It is based on a symmetric encryption scheme and is intended for engineering design teams who seek to implement end-to-end message payload encryption on the Confluent Cloud platform.
Jason Gustafson, Software Engineer, Confluent
Jason Gustafson is an engineer at Confluent and a member of the Apache Kafka PMC. He is one of the most active contributors to Kafka and has made many improvements including support for exactly-once semantics and core enhancements to the replication protocol.