Kafdrop - Access control

Hello. We are trying to use “kafdrop” OSS in my workplace so that it can help app teams view the messages. But our info sec team doesn’t allow it due to the fact that the messages will get exposed to everyone. To overcome this I was thinking we can store encrypted messages in the topic. Can the encrypted messages be published to the topic and then decrypted at the consumer end? Or any other recommendations?

Kafdrop wouldn’t know how to deserialize those encrypted messages, out of the box. You’d need to somehow inject some custom deserializer, as well as edit the producer serializer.

Anyone can also use kafka-console-consumer unless you have ACLs or other security gates.

You’d be better off adding some HTTP Auth in front of the UI to limit access.
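The producer serializer and consumer deserializer mentioned above could look like the following. This is an added example, not code from the thread or from Kafdrop. It assumes string values, AES-256-GCM, and a hypothetical config property `payload.aes.key.base64` that carries the key (in practice it would come from a secrets manager).

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.kafka.common.errors.SerializationException;
import org.apache.kafka.common.serialization.Deserializer;
import org.apache.kafka.common.serialization.Serializer;
// Added example. Record value on the wire: 12-byte nonce || AES-GCM ciphertext + 16-byte tag.
public class AesGcmStringSerde implements Serializer<String>, Deserializer<String> {
    public static final String KEY_CONFIG = "payload.aes.key.base64"; // hypothetical property name
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private final SecureRandom random = new SecureRandom();
    private SecretKeySpec key;
    @Override public void configure(Map<String, ?> configs, boolean isKey) {
        Object v = configs.get(KEY_CONFIG);
        byte[] raw = v == null ? new byte[0] : Base64.getDecoder().decode(v.toString());
        if (raw.length != 32) throw new IllegalArgumentException(KEY_CONFIG + " must be a base64 32-byte key");
        key = new SecretKeySpec(raw, "AES");
    }
    @Override public byte[] serialize(String topic, String data) {
        if (data == null) return null; // keep tombstones as null
        try {
            byte[] nonce = new byte[NONCE_LEN];
            random.nextBytes(nonce); // fresh nonce per record; never reuse one with the same key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            byte[] ct = c.doFinal(data.getBytes(StandardCharsets.UTF_8));
            return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
        } catch (GeneralSecurityException e) {
            throw new SerializationException("encrypt failed", e);
        }
    }
    @Override public String deserialize(String topic, byte[] bytes) {
        if (bytes == null) return null;
        if (bytes.length < NONCE_LEN + TAG_BITS / 8) throw new SerializationException("record too short");
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, bytes, 0, NONCE_LEN));
            return new String(c.doFinal(bytes, NONCE_LEN, bytes.length - NONCE_LEN), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) { // wrong key or tampered record fails the tag check
            throw new SerializationException("decrypt failed", e);
        }
    }
    @Override public void close() { }
}
```

Producers would set this class as `value.serializer` and consumers as `value.deserializer`. A client without the key, including a stock Kafdrop or kafka-console-consumer, sees only the nonce and ciphertext bytes.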