Kroxylicious Record Encryption: Shifting the Trust Boundary

While "Encryption at Rest" is a standard checkbox for Apache Kafka® Vendors, it often leaves a glaring hole: if you don’t control the keys, you don’t truly own your data. In this video, we dive into how Kroxylicious Record Encryption enables you to shift the trust boundary back to your own infrastructure. By using a transparent proxy, you can implement a robust, centralized encryption policy that works across your entire Kafka ecosystem without touching a single line of client code. What we cover: - Data Sovereignty: How to encrypt data in Location A before it ever reaches a vendor in another jurisdiction. - The Transparent Proxy Advantage: Why a "zero-touch" approach for Java, Python, Go, and C++ clients is a great way to scale security. - Envelope Encryption: Why we don't just "move the secret" to the proxy, and how external KMS integration ensures the proxy isn't a single point of failure. - Centralized Policy: Moving away from the "wild west" of per-app encryption logic to a unified security posture. Chapters: 0:00 The Problem with Vendor Trust 0:51 Shifting the Trust Boundary 1:09 Solving the Polyglot Problem (No Code Changes) 1:19 Centralizing Your Security Policy 1:31 Envelope Encryption & KMS Integration 1:58 Conclusion: Take Back Control Learn more about Kroxylicious Record Encryption: Website: https://kroxylicious.io Record Encryption Quickstart: https://kroxylicious.io/quickstarts/ GitHub: https://github.com/kroxylicious/kroxylicious #Kafka #CyberSecurity #DataSovereignty #Kroxylicious #CloudSecurity #Encryption #ZeroTrust