Remove the hassle of handling certificates & keystores as files.

Temporary secured keystores are generated on the fly when you need them for your kafka consumers/producers.

The keystore/truststore have passwords generated randomly at runtime using

Getting the latest release

If you don't have a gitub access token, Then create a token under your Github Settings/Developer settings/Personal access tokens (, whilst making sure that the token has read:packages, write:packages and delete:packages permissions

Using Leiningen

Add the following repository to your project.clj:

 [["github" {:url ""}]]

And add the kafka-ssl-helper dependency: [com.viooh/kafka-ssl-helper "0.9.0"].

Using Gradle

repositories {
    maven {
        url ""
    maven {
        url ""


ssl-opts takes the private key and certificate of your consumer/producer which should have been received securely and returns the needed kafka consumer/producer configs (truststore & keystore).

From Clojure

;; import ssl-opts
(require '[kafka-ssl-helper.core :as ssl-helper])

;; cert-pem, private-key and ca-cert are multi line strings
(ssl-opts {:cert-pem    cert-pem
           :private-key private-key
           :ca-cert-pem ca-cert})
;; resulting map
{:ssl.keystore.location   "ks.jks"
 :ssl.keystore.password   "GeneratedPassword"
 :ssl.truststore.location "ts.jks"
 :ssl.truststore.password "GeneratedPassword"
 :security.protocol       "SSL"}

;; usage with a producer
(let [producer (KafkaProducer.
                ^Map (merge kafka-config
                             {:cert-pem    cert-pem
                              :private-key private-key
                              :ca-cert-pem ca-cert})))]

Authors and contributors

Copyright © 2019-2020 VIOOH Ltd

Distributed under the Apache License v 2.0 (