Skip to main content
Version: 94.5
CommunityTeamEnterprise

Schema registry

Managed Service for Apache Kafka supports schemas in the following formats:

  • Apache Avro
  • Protocol Buffers (Protobuf)

The schema registry API doesn't support JSON.

The schema registry feature integrated within Managed Service for Apache Kafka lets you create, manage, and use these schemas with your Kafka clients. The schema registry implements the Confluent Schema Registry REST API, which is compatible with existing Apache Kafka applications and common client libraries.

Configuration

These environment variables configure your managed Schema Registry:

VariableDescription
SCHEMA_REGISTRY_NAMEHuman-readable name shown in the UI and logs for this Schema Registry.
SCHEMA_REGISTRY_URLEndpoint URL of the managed Schema Registry.
SCHEMA_REGISTRY_BEARER_AUTH_CUSTOM_PROVIDER_CLASSFully qualified class name for the custom bearer token provider. Use: com.google.cloud.hosted.kafka.auth.GcpBearerAuthCredentialProvider
SCHEMA_REGISTRY_BEARER_AUTH_CREDENTIALS_SOURCESpecifies how credentials are obtained. Use: CUSTOM

Required roles and permissions

As Kpow can be used to manage all Schema Registry resources (e.g., subjects, versions, compatibility settings), you can assign a role with full access to the Schema Registry directly to Kpow. This enables centralized and automated schema management.

To support this functionality, it's recommended to assign the Managed Kafka Schema Registry Admin role to the service account running Kpow.

For more granular or restricted access control, consider using Kpow's built-in User Authorization system to define fine-tuned permissions for individual users and actions.

Access control

User permissions to Kafka cluster resources are defined by Schema actions. See: User Authorization.

Limitations

Kpow's functionality may be impacted by the limitations of the managed schema registry.

Example configuration

## Kafka Cluster Configuration
ENVIRONMENT_NAME=GCP Kafka Cluster
BOOTSTRAP=bootstrap.<cluster-id>.<gcp-region>.managedkafka.<gcp-project-id>.cloud.goog:9092
SECURITY_PROTOCOL=SASL_SSL
SASL_MECHANISM=OAUTHBEARER
SASL_LOGIN_CALLBACK_HANDLER_CLASS=com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler
SASL_JAAS_CONFIG=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;

## Schema Registry Configuration
SCHEMA_REGISTRY_NAME=GCP Schema Registry
SCHEMA_REGISTRY_URL=https://managedkafka.googleapis.com/v1/projects/<gcp-project-id>/locations/<gcp-region>/schemaRegistries/<registry-id>
SCHEMA_REGISTRY_BEARER_AUTH_CUSTOM_PROVIDER_CLASS=com.google.cloud.hosted.kafka.auth.GcpBearerAuthCredentialProvider
SCHEMA_REGISTRY_BEARER_AUTH_CREDENTIALS_SOURCE=CUSTOM

## Your License Details
LICENSE_ID=<license-id>
LICENSE_CODE=<license-code>
LICENSEE=<licensee>
LICENSE_EXPIRY=<license-expiry>
LICENSE_SIGNATURE=<license-signature>

Kpow will automatically detect and connect to your configured Kafka broker and Schema Registry.

Kpow Overview