.. _controlcenter_security:

Security Overview
=================

GUI HTTPS
---------
HTTPS is supported for web access to Confluent Control Center. For more details, check the :ref:`configuration options<https_settings>`.


Kafka
-----
Standard Kafka authentication, authorization, and encryption options are available for :ref:`control center<kafka_encryption_authentication_authorization_settings>` and :ref:`interceptors<interceptor_configuration_options>`.

Authorization with Kafka ACLS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We have provided a script for creating the ACLs necessary for Confluent Control Center to operate on an authorized cluster. This script needs to be run before you start Confluent Control Center:

.. sourcecode:: bash

    $ export KAFKA_OPTS="-Djava.security.auth.login.config=/path/to/kafka_jaas.conf"
    $ bin/controlcenter-set-acls config/controlcenter.properties

You will also need to export a Confluent Control Center JAAS config before starting Confluent Control Center.

.. sourcecode:: bash

    $ export CONTROL_CENTER_OPTS='-Djava.security.auth.login.config=/path/to/c3_jaas.conf'