feat: add optional ssl key password

2025-09-13 09:12:51 +00:00 · 2025-08-25 09:45:33 +02:00
parent 17ebd31cef
commit 451c19b48c
3 changed files with 28 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -43,9 +43,10 @@ Die Anwendung lässt sich auch mit Umgebungsvariablen konfigurieren.

 Optionale Umgebungsvariablen - wenn angegeben wird eine SSL-Verbindung zu Kafka aufgebaut.

-* `APP_SSL_CA_FILE`: CA für SSL-Verbindungen
-* `APP_SSL_CA_FILE`: SSL Certificate Datei
-* `APP_SSL_CA_FILE`: SSL Key Datei
+* `APP_KAFKA_SSL_CA_FILE`: CA für SSL-Verbindungen
+* `APP_KAFKA_SSL_CERT_FILE`: SSL Certificate Datei
+* `APP_KAFKA_SSL_KEY_FILE`: SSL Key Datei
+* `APP_KAFKA_SSL_KEY_PASSWORD`: SSL KEY Passwort (wenn benötigt)

 Die Angabe eines Tokens ist verpflichtend und kann entweder über den Parameter `--token` erfolgen, oder über die
 Umgebungsvariable `APP_SECURITY_TOKEN`.
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -36,20 +36,26 @@ pub struct Cli {
    pub listen: String,
    #[arg(
        long,
-        env = "APP_SSL_CA_FILE",
+        env = "APP_KAFKA_SSL_CA_FILE",
        help = "CA file for SSL connection to Kafka"
    )]
    pub ssl_ca_file: Option<String>,
    #[arg(
        long,
-        env = "APP_SSL_CERT_FILE",
+        env = "APP_KAFKA_SSL_CERT_FILE",
        help = "Certificate file for SSL connection to Kafka"
    )]
    pub ssl_cert_file: Option<String>,
    #[arg(
        long,
-        env = "APP_SSL_KEY_FILE",
+        env = "APP_KAFKA_SSL_KEY_FILE",
        help = "Key file for SSL connection to Kafka"
    )]
    pub ssl_key_file: Option<String>,
+    #[arg(
+        long,
+        env = "APP_KAFKA_SSL_KEY_PASSWORD",
+        help = "The SSL key password"
+    )]
+    pub ssl_key_password: Option<String>,
 }
--- a/src/main.rs
+++ b/src/main.rs
@@ -73,12 +73,16 @@ async fn main() -> Result<(), ()> {
            .init();
    }

-    let producer = if CONFIG.ssl_cert_file.is_some() || CONFIG.ssl_key_file.is_some() {
-        // Use SSL
-        ClientConfig::new()
+    let mut client_config = ClientConfig::new();
+
+    client_config
        .set("bootstrap.servers", &CONFIG.bootstrap_server)
        .set("message.timeout.ms", "5000")
-            .set("security.protocol", "ssl")
+        .set("security.protocol", "ssl");
+
+    let producer = if CONFIG.ssl_cert_file.is_some() || CONFIG.ssl_key_file.is_some() {
+        // Use SSL
+        client_config
            .set(
                "ssl.ca.location",
                CONFIG.ssl_ca_file.clone().unwrap_or_default(),
@@ -90,16 +94,14 @@ async fn main() -> Result<(), ()> {
            .set(
                "ssl.key.location",
                CONFIG.ssl_key_file.clone().unwrap_or_default(),
-            )
-            .create::<FutureProducer>()
-            .map_err(|_| ())?
+            );
+        if let Some(ssl_key_password) = &CONFIG.ssl_key_password {
+            client_config.set("ssl.key.password", ssl_key_password);
+        }
+        client_config.create::<FutureProducer>().map_err(|_| ())?
    } else {
        // Plain
-        ClientConfig::new()
-            .set("bootstrap.servers", &CONFIG.bootstrap_server)
-            .set("message.timeout.ms", "5000")
-            .create::<FutureProducer>()
-            .map_err(|_| ())?
+        client_config.create::<FutureProducer>().map_err(|_| ())?
    };

    let sender = Arc::new(DefaultMtbFileSender::new(&CONFIG.topic, producer));
@@ -128,6 +130,7 @@ static CONFIG: LazyLock<Cli> = LazyLock::new(|| Cli {
    ssl_ca_file: None,
    ssl_cert_file: None,
    ssl_key_file: None,
+    ssl_key_password: None,
 });

 #[cfg(test)]