Support mTLS Authentication for Kafka Producer monitorΒ #6972
Description
π I have found these related issues/pull requests
This is the same issue but for MQTT: #5539
π Feature description
The Kafka Producer monitor currently supports SASL authentication mechanisms, but it does not support mutual TLS authentication. Many Kafka deployments, especially in enterprise and regulated environments, rely on mTLS as the primary authentication and authorization mechanism.
Without mTLS support, users running Kafka clusters secured exclusively with TLS client certificates cannot use the Kafka Producer monitor in Uptime Kuma. This limits adoption in environments where SASL is disabled and certificate based authentication is mandatory.
Adding support for mTLS would allow the Kafka Producer monitor to authenticate using:
- Client certificate
- Client private key
- Optional CA certificate
- Standard TLS configuration parameters
βοΈ Solution
Extend the Kafka Producer monitor configuration to include TLS client authentication options, similar to how Kafka clients support SSL configuration.
Suggested additions:
- Enable TLS toggle
- Client certificate upload or PEM input
- Client private key upload or PEM input
β Alternatives
Continue using SASL only
This does not work for clusters configured exclusively with mTLS authentication and no SASL mechanisms enabled.
π Additional Context
Many modern Kafka deployments, including those running in Kubernetes environments such as Strimzi, default to TLS client authentication. Supporting mTLS would significantly improve compatibility with these production grade setups.