Obtaining connection values for Apache Pulsar

This topic provides instructions to obtain the connection values for Apache Pulsar and to connect to App Connect.

Before you begin

Before you begin, ensure the following:
  • Apache Pulsar is deployed and running (standalone or in a Kubernetes cluster).
  • You have access to the Pulsar admin CLI (pulsar-admin).
  • You have appropriate permissions to create tenants and manage authentication.
Tip: For detailed instructions on generating connection values, see Authentication using HTTP basic (BASIC), Authentication using tokens based on JSON Web Tokens (BASIC JWT), Authentication using mTLS (MTLS), and How to set up a tenant on the Apache Pulsar documentation page.

Procedure

  1. To create a tenant (BASIC and BASIC JWT), complete the steps that follow:
    1. Run the following command to enter the container: 
      kubectl exec -it -n pulsar pulsar-mini-toolset-0 -- /bin/bash
    2. In the toolset container, create a tenant that is named my-tenant: 
      bin/pulsar-admin tenants create my-tenant
    3. List all tenants to confirm that the tenant was created successfully: 
      bin/pulsar-admin tenants list
      If the tenant is created successfully, the output includes the following:
      The tenant my-tenant has been successfully created.
"my-tenant"
"public"
"pulsar"
  2. To use symmetric key (secret key) encryption in Apache Pulsar (BASIC JWT), complete the following steps:
    1. Run the following command to create a secret key: 
      bin/pulsar tokens create-secret-key --output my-secret.key

      The command generates the my-secret.key file in the root of your Apache Pulsar installation directory.

    2. To generate the secret key in a specific location, provide an absolute path: 
      bin/pulsar tokens create-secret-key --output /opt/my-secret.key
    3. To create a base64-encoded version of the secret key, run: 
      bin/pulsar tokens create-secret-key --output my-secret.key --base64
  3. To use asymmetric key (private key and public key) encryption in Apache Pulsar (BASIC JWT), complete the following steps:
    1. Run the following command to create a private key and a public key: 
      bin/pulsar tokens create-key-pair --output-private-key my-private.key --output-public-key my-public.key

      The command generates the key files in the root of your Apache Pulsar installation directory.

    2. Copy the value of my-private.key and save it somewhere safe.
      Note:
      • Store the my-private.key file in a secure location. Only administrators should have access to this file to generate new tokens.
      • Share the my-public.key file with all Pulsar brokers. You can distribute this file publicly without security concerns.
  4. To generate a token or payload subject (BASIC JWT), complete one of the following procedures depending on your key type and requirements.
    Note: Tokens in Apache Pulsar do not have permissions by default. To enable authorization and assign permissions to a token, see Enable authorization and assign superusers.
    1. Run the following command to generate a token with the secret key a subject field: 
      bin/pulsar tokens create --secret-key file:///path/to/my-secret.key \
            --subject test-user
    2. Run the following command to generate a token by using a private key: 
      bin/pulsar tokens create --private-key file:///path/to/my-private.key \
            --subject test-user
    3. Run the following command to create a token that expires after a specified duration with the secret key: 
      bin/pulsar tokens create --secret-key file:///path/to/my-secret.key \
            --subject test-user \
            --expiry-time 1y