WildFly / WFLY-14987

Configure Reactive Messaging Kafka connector to use SSLContext from the Elytron subsystem and allow SASL_PLAINTEXT and SASL_SSL protocols


      To connect to a Kafka instance via SSL with authentication via SASL you currently need to specify e.g. truststore parameters in the application's microprofile-config.properties file. Behind the scenes Kafka will then create an SSLContext which it in turn uses to create the SSLEngine for the consumer and producer (i.e. client) connections.

      An example config that will work before this change is:

      # General config to set up SASL over SSL
      mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092
      mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN
      mp.messaging.connector.smallrye-kafka.security.protocol=SASL_SSL
      mp.messaging.connector.smallrye-kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
        username="admin" \
        password="admin-secret";
      
      # Truststore config
      mp.messaging.connector.smallrye-kafka.ssl.truststore.location=/Users/kabir/temp/kafka_2.13-2.8.0/config/sasl-ssl/client.truststore.p12
      mp.messaging.connector.smallrye-kafka.ssl.truststore.password=clientts
      

      This RFE will allow the last two lines (i.e. the properties defining the truststore location and password) to be replaced by

      mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test
      

      test is the name of an SSLContext defined by /subsystem=elytron/client-ssl-context=test

      This allows us to use the standard SSLContext configuration mechanisms provided by the Elytron subsystem.
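
One way to define the `test` context referenced above, as an added example that is not part of the original issue. The resource name `kafka-ts` is an assumption; the truststore path and password are the values from the config shown earlier.

```cli
# Added example: JBoss CLI script, run with jboss-cli connected to the server.
# "kafka-ts" is an assumed name for the key-store and trust-manager resources.

# 1. Load the PKCS12 truststore that the two ssl.truststore.* properties pointed at.
#    clear-text mirrors the password from the page's config; credential-reference
#    also accepts a credential store alias, which keeps the password out of the
#    server configuration file.
/subsystem=elytron/key-store=kafka-ts:add(path=/Users/kabir/temp/kafka_2.13-2.8.0/config/sasl-ssl/client.truststore.p12, type=PKCS12, credential-reference={clear-text=clientts})

# 2. Build a trust manager backed by that truststore.
/subsystem=elytron/trust-manager=kafka-ts:add(key-store=kafka-ts)

# 3. Define the client SSLContext under the name the connector property refers to
#    (mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test).
/subsystem=elytron/client-ssl-context=test:add(trust-manager=kafka-ts)

# 4. Confirm the resource exists and points at the expected trust manager.
/subsystem=elytron/client-ssl-context=test:read-resource
```

With this in place the truststore location and password no longer appear in the application's microprofile-config.properties; the SASL settings in that file are unchanged.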

            kkhan1@redhat.com Kabir Khan