Spring Boot 3.3.0 supports base64 resources, but the KafkaProperties.java file has a method resourceToPath that required a Resource can be turned into a path.

Can we either have the key-store-location properties support non-path resources, or make a new key-store-resource that takes non-path resources?

Comment From: scottfrederick

The values of the spring.kafka.ssl.key-store-location and spring.kafka.ssl.trust-store-location properties are passed to the Apache Kafka Java client library, which expects them to be file locations. Changing those properties to accept Base64-encoded strings would require a change to the Apache Kafka library, not just to Spring Boot.

Instead of using those properties, you can define an SSL bundle (which supports the base64: resource prefix), and then apply that bundle to the Kafka connection using the spring.kafka.ssl.bundle property instead of the discrete spring.kafka.ssl.* properties. The spring.kafka.ssl.bundle property is available as of Spring Boot 3.2.

Comment From: Sineaggi

@scottfrederick should JksSslBundleProperties.Store.location be updated to be a Resource object instead of a string then?

Comment From: scottfrederick

should JksSslBundleProperties.Store.location be updated to be a Resource object instead of a string

No, that's not necessary. The string value is loaded as a resource when necessary. Did you try it to see if this works as a base64: resource?

Comment From: Sineaggi

It does, yeah. Works perfectly, we're able to remove a bunch of custom parsing/file writing at startup thanks to this.

Comment From: kbhatt-equinix

@Sineaggi How you passed base64 string to ssl config ? I don't want to use file/location as most of all our config is passed as string config.

Comment From: philwebb

@kbhatt-equinix, you should be able to use the base64: prefix for the resource value. E.g.: 

spring:
  ssl:
    bundle:
      jks:
        mybundle:
          keystore:
            location: "base64:<the encoded value>

Your comment has made me realize that we don't have documentation for this, so I've opened #43809

Comment From: kbhatt-equinix

thanks @philwebb - it was very helpful. was looking for base64 since last 2-3 days but was not able to find anything. it worked for me