feat: add optional ssl key password

README.md

@@ -43,9 +43,10 @@ Die Anwendung lässt sich auch mit Umgebungsvariablen konfigurieren.
 
 Optionale Umgebungsvariablen - wenn angegeben wird eine SSL-Verbindung zu Kafka aufgebaut.
 
-* `APP_SSL_CA_FILE`: CA für SSL-Verbindungen
+* `APP_KAFKA_SSL_CA_FILE`: CA für SSL-Verbindungen
-* `APP_SSL_CA_FILE`: SSL Certificate Datei
+* `APP_KAFKA_SSL_CERT_FILE`: SSL Certificate Datei
-* `APP_SSL_CA_FILE`: SSL Key Datei
+* `APP_KAFKA_SSL_KEY_FILE`: SSL Key Datei
+* `APP_KAFKA_SSL_KEY_PASSWORD`: SSL KEY Passwort (wenn benötigt)
 
 Die Angabe eines Tokens ist verpflichtend und kann entweder über den Parameter `--token` erfolgen, oder über die
 Umgebungsvariable `APP_SECURITY_TOKEN`.

src/cli.rs

@@ -36,20 +36,26 @@ pub struct Cli {
     pub listen: String,
     #[arg(
         long,
-        env = "APP_SSL_CA_FILE",
+        env = "APP_KAFKA_SSL_CA_FILE",
         help = "CA file for SSL connection to Kafka"
     )]
     pub ssl_ca_file: Option<String>,
     #[arg(
         long,
-        env = "APP_SSL_CERT_FILE",
+        env = "APP_KAFKA_SSL_CERT_FILE",
         help = "Certificate file for SSL connection to Kafka"
     )]
     pub ssl_cert_file: Option<String>,
     #[arg(
         long,
-        env = "APP_SSL_KEY_FILE",
+        env = "APP_KAFKA_SSL_KEY_FILE",
         help = "Key file for SSL connection to Kafka"
     )]
     pub ssl_key_file: Option<String>,
+    #[arg(
+        long,
+        env = "APP_KAFKA_SSL_KEY_PASSWORD",
+        help = "The SSL key password"
+    )]
+    pub ssl_key_password: Option<String>,
 }

src/main.rs

@@ -73,12 +73,16 @@ async fn main() -> Result<(), ()> {
             .init();
     }
 
-    let producer = if CONFIG.ssl_cert_file.is_some() || CONFIG.ssl_key_file.is_some() {
+    let mut client_config = ClientConfig::new();
-        // Use SSL
+
-        ClientConfig::new()
+    client_config
         .set("bootstrap.servers", &CONFIG.bootstrap_server)
         .set("message.timeout.ms", "5000")
-            .set("security.protocol", "ssl")
+        .set("security.protocol", "ssl");
+
+    let producer = if CONFIG.ssl_cert_file.is_some() || CONFIG.ssl_key_file.is_some() {
+        // Use SSL
+        client_config
             .set(
                 "ssl.ca.location",
                 CONFIG.ssl_ca_file.clone().unwrap_or_default(),
@@ -90,16 +94,14 @@ async fn main() -> Result<(), ()> {
             .set(
                 "ssl.key.location",
                 CONFIG.ssl_key_file.clone().unwrap_or_default(),
-            )
+            );
-            .create::<FutureProducer>()
+        if let Some(ssl_key_password) = &CONFIG.ssl_key_password {
-            .map_err(|_| ())?
+            client_config.set("ssl.key.password", ssl_key_password);
+        }
+        client_config.create::<FutureProducer>().map_err(|_| ())?
     } else {
         // Plain
-        ClientConfig::new()
+        client_config.create::<FutureProducer>().map_err(|_| ())?
-            .set("bootstrap.servers", &CONFIG.bootstrap_server)
-            .set("message.timeout.ms", "5000")
-            .create::<FutureProducer>()
-            .map_err(|_| ())?
     };
 
     let sender = Arc::new(DefaultMtbFileSender::new(&CONFIG.topic, producer));
@@ -128,6 +130,7 @@ static CONFIG: LazyLock<Cli> = LazyLock::new(|| Cli {
     ssl_ca_file: None,
     ssl_cert_file: None,
     ssl_key_file: None,
+    ssl_key_password: None,
 });
 
 #[cfg(test)]