Skip to main content
The Kafka component is an orchestration component that lets you load data from Kafka topics into either schemaless JSON or JSON schema objects. This data is then stored in your preferred storage location (Snowflake, Databricks, Amazon Redshift, or cloud storage). New to Kafka? Read Apache Kafka’s Introduction. You do not need to use the Create Table component when using this connector, as the Kafka component will create a new table or replace an existing table for you using the Destination parameters you define. We recommend that you make use of the Apache Kafka documentation when using this component. If the component requires access to a cloud provider (AWS, Azure, or GCP), it will use the cloud credentials associated with your environment to access resources. To stage data to Azure Blob Storage, the Azure credentials associated with your environment must be assigned the Storage Blob Data Contributor role. For more information, read User assigned with the Storage Blob Data Contributor role.

Properties

Reference material is provided below for the Connect, Configure, Destination, and Advanced Settings properties.
Name
string
required
A human-readable name for the component.

Connect

Authentication Type
drop-down
required
Specify the authentication mechanism to use for connecting to the Kafka broker.
  • None: No authentication.
  • Username & Password: Authenticate with a username and password (basic authentication). This uses the Simple Authentication and Security Layer (SASL) protocol. In your Kafka configuration file (server.properties), you must set the security.inter.broker.protocol to support SASL. Read SASL configuration to learn more.
  • OAuth 2.0 Client Credentials: Authenticate using OAuth 2.0 authorization. You will need an OAuth 2.0 authorization server (such as Auth0, Okta, or Keycloak) to issue access tokens.
If using OAuth 2.0 Client Credentials, you must edit your server.properties file to ensure the server (broker) accepts SASL/OAUTHBEARER tokens. For example:
listeners=SASL_SSL://:9092
sasl.enabled.mechanisms=OAUTHBEARER
Username
string
required
The username value defined in your jaas.conf (Java Authentication and Authorization Service) file. You can define as many users as required in this file. For example:
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="myUser"
    password="myPassword";
};
To set up additional Kafka users, edit your jaas.conf file accordingly. For example, this is a configuration that defines additional users (producer, consumer, registry):
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
 serviceName="kafka"
 username="admin"
 password="admin-secret"
 user_producer="producer-secret"
 user_consumer="consumer-secret"
 user_registry="registry-secret";
};
Password
drop-down
required
Use the drop-down menu to select the corresponding secret definition that denotes the value of the password tied to your username in your jaas.conf (Java Authentication and Authorization Service) file. For example:
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="myUser"
    password="myPassword";
};
Read Secrets and secret definitions to learn how to create a new secret definition.
Authentication
drop-down
required
Use the drop-down menu to select an OAuth connection to Kafka or Kafka Confluent Cloud.Read Kafka authentication guide to learn how to obtain the credentials to create a Kafka or Kafka Confluent Cloud OAuth connection.
Bootstrap Servers
string list
required
Set addresses for each bootstrap server (also known as a broker) to connect to when commencing communication with a Kafka cluster. Multiple bootstrap servers will be defined as a comma-separated list. For example, myBroker1:9092, myBroker2:9092, myBroker3:9092. If a failure occurs, Kafka will attempt to connect to the next broker in the list.
Encryption
drop-down
required
  • None: No encryption.
  • TLS: Use a TLS certificate (in .pem format) to secure communication to the Kafka cluster. To use TLS, make sure you update your Kafka configuration (server.properties) on the server side as well as client properties to enable SSL as the communication protocol. For example, security.protocol=SASL_SSL. This setting is recommended if you’re using basic authentication (username and password) to authenticate.
Security protocolDescription
PLAINTEXTUn-authenticated, non-encrypted channel
SSLSSL channel
SASL_PLAINTEXTSASL authenticated, non-encrypted channel
SASL_SSLSASL authenticated, SSL channel
You can enable TLS without passing a certificate. In such cases, the security protocol will be set to the SSL equivalent of the authentication type chosen. If you do pass a certificate, the trust store certificate and trust store type will be configured.
Trusted Certificate
text editor
Add your TLS certificates into the text editor. Supports x.509 certificates in .pem format.This certificate should be the trusted certificate of the broker.
This parameter is optional. It’s possible to set Encryption to TLS and not provide a certificate. This works in instances where the broker’s certificate is trusted by a well-known certificate authority (CA).
Topic
drop-down
required
Once you have authenticated with your Kafka configuration, this drop-down will display any available Kafka topics in your defined cluster. Topics are high-level categories for data in Kafka, used as the storage mechanism of Kafka messages (events), similar to a folder storing files in a filesystem. Read Introduction to learn more.
Internal topics have been filtered out and won’t appear in the drop-down list.
Consumer Group
string
required
ID of a consumer group, usually defined by the app or client consuming data from Kafka. A consumer group is set as a group.id. For example, in a properties file such as consumer.properties:
bootstrap.servers=myBroker1:9092
group.id=my-consumer-group
enable.auto.commit=true
key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
value.deserializer=org.apache.kafka.common.serialization.StringDeserializer
The consumer group may also be defined in code, as in Java:
Properties props = new Properties();
props.put("bootstrap.servers", "myBroker1:9092");
props.put("group.id", "my-consumer-group");
Generate Unique Consumer Group
boolean
required
The primary function of this property is to enable a Full Load Pattern by creating a new consumer that reads from the topic’s beginning, ignoring any previously committed offsets. When set to Yes, a unique ID is appended to the value specified in Consumer Group for each run of this connector.The table below highlights different ways you might use the Kafka connector, with advice on how to set the Generate Unique Consumer Group property.
Use caseMethodGenerate Unique Consumer Group?
Single connector, full loadOn each execution of the connector, a new consumer group will be initiated. The read operation will execute from the beginning of a topic.Yes
Multiple connectors, full loadFor users who wish to run multiple Kafka connectors in parallel. You will need a unique consumer group per pipeline execution. You can achieve this using variables created at the pipeline level passed into each Kafka connector’s Consumer Group property. This operation will execute all Kafka connectors in the pipeline as parts of the same consumer group, meaning the full load will be executed in parallel.No
Kafka-native incremental loadFor users who wish to use Kafka’s internal incremental load capabilities. Use a static consumer group name. On each execution of the Kafka connector, it will remain part of the same consumer group. This will expose Kafka’s internal offset management. The broker will track the offset. When the connector is executed again, it will begin reading from where it finished on the last execution.No
If you opt for the parallel load or incremental load use cases mentioned above, you should ensure you have a pipeline that executes on failure, where a user can set the Generate Unique Consumer Group to Yes, ensuring that a full load of the topic is executed successfully. We have created pipelines for this, which you can download:The purpose of these pipelines is to circumvent issues that could occur if the pipeline fails after the read operation. In such instances, data could be lost because the consumer group would still read from its last read position, not where the pipeline failed.

Configure

Data Format
drop-down
required
Set the data format of messages in your topics.
  • Schemaless JSON: Messages have no predefined structure, meaning messages may vary. While schemaless JSON can offer simplicity and flexibility, discrepancies and missing fields require more manual intervention.
  • JSON schema: Provides validation, compatibility control, and consistency of messages. You may deem this format more suitable to production-grade applications where data integrity is vital.
Schema Registry URL
string
required
The URL to the schema registry used by the Kafka cluster. This may be specified in your client configuration file, or directly in an application’s code. If you’re using Confluent Cloud, use the Confluent Cloud UI. Read Quick Start for Schema Management on Confluent Cloud to learn more.Only available when Data Format is set to a structured type. Currently, the only supported structured data format is JSON Schema.
Authentication Type
drop-down
required
Choose to authenticate with a username and password or not to authenticate (None).Only available when Data Format is set to a structured type, such as JSON schema.
Schema Registry Username
string
required
The username specified in your client app that connects to the schema registry. For example:
schema.registry.url=https://your-schema-registry-url
basic.auth.credentials.source=USER_INFO
schema.registry.basic.auth.user.info=my-username:my-password
Only available when Data Format is set to JSON Schema and Authentication Type is set to Username & Password.
Schema Registry Password
drop-down
required
Use the drop-down menu to select the corresponding secret definition that denotes the value of the password tied to your username and schema registry. For example:
schema.registry.url=https://your-schema-registry-url
basic.auth.credentials.source=USER_INFO
schema.registry.basic.auth.user.info=my-username:my-password
Read Secrets and secret definitions to learn how to create a new secret definition.Only available when Data Format is set to JSON Schema and Authentication Type is set to Username & Password.
Schema Registry Encryption
drop-down
required
Determines whether the Schema Registry Trusted Certificate parameter is displayed or hidden.
  • None: No encryption.
  • TLS: Use a TLS certificate (in .pem format). Encryption is based on the protocol specified in Schema Registry URL. If the URL uses HTTPS (i.e. begins with https://…) then TLS will be enabled. Otherwise, traffic will be in plaintext.
Only available when Data Format is set to JSON Schema.
Schema Registry Trusted Certificate
editor
Add your TLS certificates into the text editor. Supports x.509 certificates in .pem format.Only available when Data Format is set to JSON Schema and Schema Registry Encryption is set to TLS.

Destination

Select your cloud data warehouse.
Destination
drop-down
required
Select the destination for your data. This is either in Snowflake as a table or as files in cloud storage.
  • Snowflake: Load your data into a table in Snowflake. The data must first be staged via Snowflake or a cloud storage solution.
  • Cloud Storage: Load your data directly into files in your preferred cloud storage location. The format of these files can differ between source systems and will not have a file extension so we suggest inspecting the output to determine the format of the data.
Warehouse
drop-down
required
The Snowflake warehouse used to run the queries. The special value [Environment Default] uses the warehouse defined in the environment. Read Overview of Warehouses to learn more.
Database
drop-down
required
The Snowflake database to access. The special value [Environment Default] uses the database defined in the environment. Read Databases, Tables and Views - Overview to learn more.
Schema
drop-down
required
The Snowflake schema. The special value [Environment Default] uses the schema defined in the environment. Read Database, Schema, and Share DDL to learn more.
Table Name
string
required
The name of the table to be created in your Snowflake database. You can use a Table Input component in a transformation pipeline to access and transform this data after it has been loaded.
Load Strategy
drop-down
required
Define what happens if the table name already exists in the specified Snowflake database and schema.
  • Replace: If the specified table name already exists, that table will be destroyed and replaced by the table created during this pipeline run.
  • Truncate and Insert: If the specified table name already exists, all rows within the table will be removed and new rows will be inserted per the next run of this pipeline.
  • Fail if Exists: If the specified table name already exists, this pipeline will fail to run.
  • Append: If the specified table name already exists, then the data is inserted without altering or deleting the existing data in the table. It’s appended onto the end of the existing data in the table. If the specified table name doesn’t exist, then the table will be created, and your data will be inserted into the table.
Clean Staged files
boolean
required
  • Yes: Staged files will be destroyed after data is loaded. This is the default setting.
  • No: Staged files are retained in the staging area after data is loaded.
Stage Access Strategy
drop-down
Select the stage access strategy. The strategies available depend on the cloud platform you select in Stage Platform.
  • Credentials: Connects to the external stage (AWS, Azure) using your configured cloud provider credentials. Not available for Google Cloud Storage.
  • Storage Integration: Use a Snowflake storage integration to grant access to Snowflake to read data from and write to a cloud storage location. This will reveal the Storage Integration property, through which you can select any of your existing Snowflake storage integrations.
Stage Platform
drop-down
required
Use the drop-down menu to choose where the data is staged before being loaded into your Snowflake table.
  • Amazon S3: Stage your data on an AWS S3 bucket.
  • Snowflake: Stage your data on a Snowflake internal stage.
  • Azure Storage: Stage your data in an Azure Blob Storage container.
  • Google Cloud Storage: Stage your data in a Google Cloud Storage bucket.

Advanced Settings

Poll Timeout
integer
required
The maximum amount of time in milliseconds that a consumer will await new messages when calling the poll() method if none are currently available. If messages are available, they are retrieved immediately. By setting a poll timeout, you can prevent consumers from continuously looping and consuming CPU resources.The default is 10,000 (ten thousand milliseconds).
Consumer Property Overrides
column editor
required
Modify or customize specific settings in your Kafka consumer configurations at runtime. You may wish to make use of this setting if you have default consumer setups but want to adjust certain properties for particular consumers without altering any global or shared configurations.
  • Property: The property whose value you wish to override. For example max.poll.records.
  • Value: The override value of the corresponding property. For example 50. This would limit how many records are returned on each poll to 50. You might wish to do this for performance optimization.
The following consumer properties are prohibited from being overridden for security reasons and/or performance concerns:
  • interceptor.classes
  • key.deserializer
  • metric.reporters
  • sasl.client.callback.handler.class
  • sasl.jaas.config
  • sasl.kerberos.kinit.cmd
  • sasl.kerberos.min.time.before.relogin
  • sasl.kerberos.service.name
  • sasl.kerberos.ticket.renew.jitter
  • sasl.kerberos.ticket.renew.window.factor
  • sasl.login.callback.handler.class
  • sasl.login.class
  • sasl.login.connect.timeout.ms
  • sasl.login.read.timeout.ms
  • sasl.login.refresh.buffer.seconds
  • sasl.login.refresh.min.period.seconds
  • sasl.login.refresh.window.factor
  • sasl.login.refresh.window.jitter
  • sasl.login.retry.backoff.max.ms
  • sasl.login.retry.backoff.ms
  • sasl.mechanism
  • sasl.oauthbearer.clock.skew.seconds
  • sasl.oauthbearer.expected.audience
  • sasl.oauthbearer.expected.issuer
  • sasl.oauthbearer.jwks.endpoint.refresh.ms
  • sasl.oauthbearer.jwks.endpoint.retry.backoff.max.ms
  • sasl.oauthbearer.jwks.endpoint.retry.backoff.ms
  • sasl.oauthbearer.jwks.endpoint.url
  • sasl.oauthbearer.scope.claim.name
  • sasl.oauthbearer.sub.claim.name
  • sasl.oauthbearer.token.endpoint.url
  • security.protocol
  • security.providers
  • ssl.cipher.suites
  • ssl.enabled.protocols
  • ssl.endpoint.identification.algorithm
  • ssl.engine.factory.class
  • ssl.key.password
  • ssl.keymanager.algorithm
  • ssl.keystore.certificate.chain
  • ssl.keystore.key
  • ssl.keystore.location
  • ssl.keystore.password
  • ssl.keystore.type
  • ssl.protocol
  • ssl.provider
  • ssl.secure.random.implementation
  • ssl.trustmanager.algorithm
  • ssl.truststore.certificates
  • ssl.truststore.location
  • ssl.truststore.password
  • ssl.truststore.type
  • value.deserializer

Parallel loading

Parallel loading is a technique to maximize data ingestion throughput by reading from a Kafka topic concurrently. Instead of a single Kafka component reading all data partition-by-partition, you can run multiple components in parallel, where each one processes a different subset of the topic’s partitions simultaneously. The effectiveness of parallel loading is directly limited by the number of partitions in your Kafka topic. So, if your topic has 8 partitions, you can run a maximum of 8 parallel Kafka components to read from it. The recommended method for implementing this is to use a Loop Iterator to run multiple instances of the Kafka component.

Deactivate soft delete for Azure blobs (Databricks)

If you intend to set your destination as Databricks and your stage platform as Azure Storage, you must turn off the “Enable soft delete for blobs” setting in your Azure account for your pipeline to run successfully. To do this:
  1. In the Azure portal, navigate to your storage account.
  2. In the menu, under Data management, click Data protection.
  3. Clear the Enable soft delete for blobs checkbox. For more information, read Soft delete for blobs.