├── .github
    ├── ISSUE_TEMPLATE
    │   ├── community-edition--bug-report.md
    │   ├── community-edition--feature-request.md
    │   └── community-edition--support.md
    └── workflows
    │   ├── docker_clean.yml
    │   ├── release.yml
    │   ├── release_aws_only.yml
    │   └── release_rc.yml
├── .gitignore
├── LICENSE
├── README.md
├── dockerfile
    ├── aws-mkt-lm
    │   └── Dockerfile
    ├── aws-mkt-pro
    │   └── Dockerfile
    ├── compat
    │   └── Dockerfile
    ├── kpow-ce
    │   └── Dockerfile
    ├── kpow
    │   └── Dockerfile
    ├── rh-ubi
    │   └── Dockerfile
    └── temurin-ubi
    │   └── Dockerfile
├── dockerhub
    ├── kpow-ce
    │   └── README.md
    └── kpow
    │   └── README.md
├── docs
    ├── CNAME
    ├── changelog.edn
    ├── index.html
    ├── releases-ce.edn
    ├── releases-ee.edn
    ├── releases-v2.edn
    └── releases.edn
├── resources
    ├── entrypoint.sh
    └── eula.txt
├── scripts
    ├── build_all.sh
    ├── build_amd64.sh
    ├── dockerhub_readme_kpow.clj
    ├── dockerhub_readme_kpow_ce.clj
    ├── jar.sh
    ├── rc_release_check.sh
    ├── release.clj
    └── release_number_check.sh
└── secure-config
    └── README.md


/.github/ISSUE_TEMPLATE/community-edition--bug-report.md:
--------------------------------------------------------------------------------
---
name: 'Community Edition: Bug report'
about: Create a report to help us improve Kpow
title: ''
labels: ce-bug
assignees: wavejumper, d-t-w

---

**Version of Kpow**
The version of Kpow you are running

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Environment (please complete the following information):**
 - OS: [e.g. MacOS]
 - Browser [e.g. chrome, safari]
 - Docker/Kube/Java versions

**Additional context**
Add any other context about the problem here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/community-edition--feature-request.md:
--------------------------------------------------------------------------------
---
name: 'Community Edition: Feature request'
about: Suggest an idea for Kpow
title: ''
labels: ce-feature
assignees: wavejumper, d-t-w

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/community-edition--support.md:
--------------------------------------------------------------------------------
---
name: 'Community Edition: Support'
about: Having trouble with Kpow? Raise a support issue to get started
title: ''
labels: ce-support
assignees: wavejumper, d-t-w

---

**Version of Kpow**
The version of Kpow you are running

**Describe the issue**
A clear and concise description of the issue

**Additional context**
Add any other context about the problem here.

--------------------------------------------------------------------------------
/.github/workflows/docker_clean.yml:
--------------------------------------------------------------------------------
name: Clean up GitHub docker packages
on:
  workflow_dispatch:
    inputs:
      num:
        description: 'Number of old versions to delete'
        required: true
jobs:
  CleanUpDockerPackages:
    runs-on: ubuntu-latest
    name: Clean up GitHub Docker Packages
    steps:
      - name: cleanup
        uses: actions/delete-package-versions@v1
        with:
          package-name: kpow
          num-old-versions-to-delete: ${{github.event.inputs.num}}
          token: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
name: Release Kpow

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version of Kpow'
        required: true
      manifest:
        description: 'URL of Manifest'
        required: true
      release_number_bump:
        description: 'I have updated system.clj release number!'
        required: true
        default: 'false'

# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
  id-token: write
  contents: write
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Check that we have bumped release number
        run: |
          ./scripts/release_number_check.sh ${{github.event.inputs.release_number_bump}}

      - name: Configure AWS Credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: us-east-1

      - name: Log into DockerHub registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

      - name: Download and verify JAR(s)
        run: |
          ./scripts/jar.sh "${{github.event.inputs.manifest}}"

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Log into GitHub packages
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

      - name: Release Kpow JDK11 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java11-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java11.jar

      - name: Release Kpow JDK8 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java8-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java8.jar

      - name: Release Kpow JDK17 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java17-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java17.jar

      - name: Release Kpow JDK8 Community JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-ce-java8-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-ce-$VERSION-java8.jar

      - name: Release Dependency Check Report
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          tar xzf kpow-enterprise-nvd-report.tar.gz
          cd kpow-enterprise-nvd-report
          mv *.html index.html
          aws s3 cp index.html s3://${{ secrets.RELEASES_BUCKET }}/kpow-dependency-check-report-$VERSION.html

      -
        # Add support for more platforms with QEMU (optional)
        # https://github.com/docker/setup-qemu-action
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Kpow AWS Marketplace Annual
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=ghcr.io/factorhouse/kpow/kpow
          IMAGE_TAG=$VERSION-aws-mkt-lm
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/aws-mkt-lm/Dockerfile

      - name: Build Kpow AWS Marketplace Hourly
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=ghcr.io/factorhouse/kpow/kpow
          IMAGE_TAG=$VERSION-aws-mkt-pro
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/aws-mkt-pro/Dockerfile

      - name: Build Kpow
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/kpow/Dockerfile

      - name: Build Kpow (latest)
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=latest
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/kpow/Dockerfile

      - name: Build Kpow Red Hat UBI
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION-rh-ubi
          ./scripts/build_amd64.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/rh-ubi/Dockerfile

      - name: Build Kpow Temurin UBI
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION-temurin-ubi
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/temurin-ubi/Dockerfile


      - name: Build Kpow (Compat)
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION-compat
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/compat/Dockerfile

      - name: Build Kpow Community
        run: |
          NEXT_RELEASE=${{github.event.inputs.version}}
          docker buildx build -f ./dockerfile/kpow-ce/Dockerfile --platform=linux/amd64,linux/arm64 --sbom=true --provenance=true -t factorhouse/kpow-ce:latest --push .
          docker buildx build -f ./dockerfile/kpow-ce/Dockerfile --platform=linux/amd64,linux/arm64 --sbom=true --provenance=true -t factorhouse/kpow-ce:$NEXT_RELEASE --push .

      - name: Deploy OpenAPI spec
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-enterprise-openapi.json s3://${{ secrets.RELEASES_BUCKET }}/kpow-enterprise-openapi-$VERSION.json \
            --cache-control no-cache --content-type application/json

      - name: Install babashka
        run: sudo bash < <(curl -s https://raw.githubusercontent.com/babashka/babashka/master/install)
      - name: Update releases-ee.edn
        run: ./scripts/release.clj ${{github.event.inputs.version}} releases-ee.edn
      - name: Update releases-v2.edn
        run: ./scripts/release.clj ${{github.event.inputs.version}} releases-v2.edn
      - name: Update dockerhub/kpow/README.md
        run: echo ${{github.event.inputs.version}} | ./scripts/dockerhub_readme_kpow.clj
      - name: Deploy Manifest to s3
        run: |
          aws s3 cp docs/releases-ee.edn s3://${{ secrets.RELEASES_BUCKET }}/releases-kpow-ee.edn \
            --cache-control no-cache --content-type application/edn
      - name: Update releases-ce.edn
        run: ./scripts/release.clj ${{github.event.inputs.version}} releases-ce.edn
      - name: Update dockerhub/kpow-ce/README.md
        run: echo ${{github.event.inputs.version}} | ./scripts/dockerhub_readme_kpow_ce.clj
      - name: Deploy Manifest to s3 (community)
        run: |
          aws s3 cp docs/releases-ce.edn s3://${{ secrets.RELEASES_BUCKET }}/releases-kpow-ce.edn \
            --cache-control no-cache --content-type application/edn
      - name: Commit and push
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git commit -am "Release ${{github.event.inputs.version}}"
          git push origin main
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{github.event.inputs.version}}
          name: ${{github.event.inputs.version}}
          body: "Visit https://factorhouse.io/blog/releases for release details"
          draft: false
          prerelease: false

--------------------------------------------------------------------------------
/.github/workflows/release_aws_only.yml:
--------------------------------------------------------------------------------
name: Release Kpow (AWS builds only)

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version of Kpow'
        required: true
      manifest:
        description: 'URL of Manifest'
        required: true
      release_number_bump:
        description: 'I have updated system.clj release number!'
        required: true
        default: 'false'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Check that we have bumped release number
        run: |
          ./scripts/release_number_check.sh ${{github.event.inputs.release_number_bump}}

      - name: Log into registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

      - name: Download and verify JAR(s)
        run: |
          ./scripts/jar.sh "${{github.event.inputs.manifest}}"

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Log into GitHub packages
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

      # Add support for more platforms with QEMU (optional)
      # https://github.com/docker/setup-qemu-action
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Kpow AWS Marketplace Annual (EE)
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION-aws-mkt-lm
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/aws-mkt-lm/Dockerfile

      - name: Build Kpow AWS Marketplace Hourly (SE)
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION-aws-mkt-pro
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/aws-mkt-pro/Dockerfile

--------------------------------------------------------------------------------
/.github/workflows/release_rc.yml:
--------------------------------------------------------------------------------
name: Deploy RC to DockerHub
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version of Kpow'
        required: true
      manifest:
        description: 'URL of Manifest'
        required: true

# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
  id-token: write
  contents: write
  packages: write

jobs:
  DeployRC:
    runs-on: ubuntu-latest
    name: Release RC
    steps:
      - uses: actions/checkout@v4
      - name: Verify RC version input
        run: |
          ./scripts/rc_release_check.sh ${{github.event.inputs.version}}
      - name: Configure AWS Credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: us-east-1
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Download and verify JAR(s)
        run: |
          ./scripts/jar.sh "${{github.event.inputs.manifest}}"
      - name: Release Kpow JDK11 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java11-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java11.jar
      - name: Release Kpow JDK8 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java8-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java8.jar
      - name: Release Kpow JDK17 JAR
        run: |
          VERSION=${{github.event.inputs.version}}
          VERSION="${VERSION//./-}"
          aws s3 cp target/kpow-java17-standalone.jar s3://${{ secrets.RELEASES_BUCKET }}/kpow-$VERSION-java17.jar
      -
        # Add support for more platforms with QEMU (optional)
        # https://github.com/docker/setup-qemu-action
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build Kpow
        run: |
          VERSION=${{github.event.inputs.version}}
          IMAGE_ID=factorhouse/kpow
          IMAGE_TAG=$VERSION
          ./scripts/build_all.sh $VERSION $IMAGE_ID $IMAGE_TAG dockerfile/kpow/Dockerfile

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
*.jar
workspace.code-workspace
target/
manifest
*.iml
.idea
.DS_Store

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Kpow for Apache Kafka

[Kpow](https://factorhouse.io/kpow) - The Ultimate Engineering Toolkit for [Apache Kafka®](http://kafka.apache.org/)

See the [Changelog](https://factorhouse.io/kpow/changelog) for release information or [our blog](https://factorhouse.io/blog/releases/) for full notes on each release and JAR artefacts.

Kpow is an Enterprise-grade toolkit for engineers working with Apache Kafka that:

* Ships as a single docker-container or JAR file
* You deploy and secure like any other Enterprise web-application
* Runs air-gapped with all information stored within your Kafka cluster(s)
* Is trusted by the world's largest companies, from publishing to payments networks
* Has a simple, transparent pricing structure
* Is built and supported by an engineering-led team deeply experienced in Kafka delivery

The Kpow image is available directly from [Docker Hub](https://hub.docker.com/r/factorhouse/kpow). Images are built using [GitHub Actions](https://github.com/factorhouse/kpow/actions/workflows/release.yml).

# Usage

Visit our [Get Started](https://factorhouse.io/kpow/get-started) page to learn more about Kpow.

## Community Edition

The free version of Kpow can be found here:

```
docker pull factorhouse/kpow-ce:94.1
```

## Enterprise Edition

Paying customers using the Enterprise Edition can use the following Docker image:

```
docker pull factorhouse/kpow:94.1
```

Instructions on how to start a 30-day free trial of Kpow can be found [here](https://factorhouse.io/kpow/get-started).

# Documentation

Kpow's documentation is available at [https://docs.factorhouse.io/kpow-ee/](https://docs.factorhouse.io/kpow-ee/).

# Local Development with Docker Compose

See [kpow-local](https://github.com/factorhouse/kpow-local) to get started with local Kpow and a 3-node Kafka cluster in Docker Compose.

# Quick Starts

Running in ECS / EKS / Fargate / EC2 / Kubernetes? See our [Helm Charts](https://github.com/factorhouse/kpow-helm-charts).

# License

Kpow is proprietary software. Kpow's EULA can be found [here](https://github.com/factorhouse/kpow/blob/main/resources/eula.txt) or at [https://factorhouse.io/kpow/eula/](https://factorhouse.io/kpow/eula/)

This repository is distributed under the Apache 2.0 License.

Copyright (c) [Factor House](https://factorhouse.io)

--------------------------------------------------------------------------------
/dockerfile/aws-mkt-lm/Dockerfile:
--------------------------------------------------------------------------------
FROM amazoncorretto:17.0.15

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-aws-mkt-lm-standalone.jar /opt/factorhouse/lib/kpow.jar
COPY resources/entrypoint.sh /usr/local/bin/kpow.sh

EXPOSE 3000

RUN yum install shadow-utils -y

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN mkdir -p /opt/factorhouse/tmp
RUN chown -R factorhouse:factorhouse /opt/factorhouse

RUN yum remove shadow-utils -y

USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"

CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerfile/aws-mkt-pro/Dockerfile:
--------------------------------------------------------------------------------
FROM amazoncorretto:17.0.15

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-aws-mkt-pro-standalone.jar /opt/factorhouse/lib/kpow.jar
COPY resources/entrypoint.sh /usr/local/bin/kpow.sh

EXPOSE 3000

RUN yum install shadow-utils -y

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN mkdir -p /opt/factorhouse/tmp
RUN chown -R factorhouse:factorhouse /opt/factorhouse

RUN yum remove shadow-utils -y

USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"

CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerfile/compat/Dockerfile:
--------------------------------------------------------------------------------
FROM amazoncorretto:17.0.15

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

RUN yum install shadow-utils -y

RUN groupadd -g 999 kpow && \
    useradd -r -u 999 -g kpow kpow

RUN yum remove shadow-utils -y

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-java17-standalone.jar /opt/operatr/lib/kpow.jar

USER kpow

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70 --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xerces.internal.jaxp=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xerces.internal.util=ALL-UNNAMED"

EXPOSE 3000

CMD java $JVM_OPTS -jar /opt/operatr/lib/kpow.jar

--------------------------------------------------------------------------------
/dockerfile/kpow-ce/Dockerfile:
--------------------------------------------------------------------------------
FROM amazoncorretto:17.0.15

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-ce-standalone.jar /opt/factorhouse/lib/kpow.jar
COPY resources/entrypoint.sh /usr/local/bin/kpow.sh

RUN mkdir -p /opt/factorhouse/config/kpow
RUN mkdir -p /opt/factorhouse/tmp

EXPOSE 3000

RUN yum install shadow-utils -y

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN chown -R factorhouse:factorhouse /opt/factorhouse

RUN yum remove shadow-utils -y

USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV CONFIG_DIR=/opt/factorhouse/config/kpow
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"

CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerfile/kpow/Dockerfile:
--------------------------------------------------------------------------------
FROM amazoncorretto:17.0.15

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-java17-standalone.jar /opt/factorhouse/lib/kpow.jar
COPY resources/entrypoint.sh /usr/local/bin/kpow.sh

EXPOSE 3000

RUN yum install shadow-utils -y

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN mkdir -p /opt/factorhouse/tmp
RUN chown -R factorhouse:factorhouse /opt/factorhouse

RUN yum remove shadow-utils -y

USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"

CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerfile/rh-ubi/Dockerfile:
--------------------------------------------------------------------------------
FROM registry.access.redhat.com/ubi8/openjdk-17:1.21-1.1744797574

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

USER 0

ADD --chmod=044 resources/eula.txt /licenses/eula.txt
ADD --chmod=044 target/kpow-java17-standalone.jar /opt/factorhouse/lib/kpow.jar
ADD --chmod=044 resources/entrypoint.sh /usr/local/bin/kpow.sh

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN mkdir -p /opt/factorhouse/tmp
RUN chown -R factorhouse:factorhouse /opt/factorhouse

EXPOSE 3000
USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"
CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerfile/temurin-ubi/Dockerfile:
--------------------------------------------------------------------------------
FROM eclipse-temurin:17-ubi9-minimal

ARG VERSION
ARG RELEASE

LABEL name="Kpow for Apache Kafka" \
      maintainer="support@factorhouse.io" \
      vendor="Factor House" \
      version=$VERSION \
      release=$RELEASE \
      summary="Kpow is a toolkit for engineers who build, manage, and maintain systems powered by Apache Kafka." \
      description="Kpow features a rich data-oriented UI, specialized dashboards that deliver instant visibility into Kafka Clusters, Schema Registries, and Connect Installations, and developer tools that allow engineers to get to the heart of their systems quickly."

COPY resources/eula.txt /licenses/eula.txt
COPY target/kpow-java17-standalone.jar /opt/factorhouse/lib/kpow.jar
COPY resources/entrypoint.sh /usr/local/bin/kpow.sh

RUN groupadd -g 1001 factorhouse && \
    useradd -r -u 1001 -g factorhouse factorhouse

RUN mkdir -p /opt/factorhouse/tmp
RUN chown -R factorhouse:factorhouse /opt/factorhouse

EXPOSE 3000
USER factorhouse

ENV CORE_ASYNC_POOL_SIZE=8
ENV JVM_OPTS="-server -Dorg.xerial.snappy.tempdir=/opt/factorhouse/tmp -Dclojure.core.async.pool-size=$CORE_ASYNC_POOL_SIZE -XX:MaxInlineLevel=15 -Djava.awt.headless=true -XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70"
CMD ["/usr/local/bin/kpow.sh"]

--------------------------------------------------------------------------------
/dockerhub/kpow-ce/README.md:
--------------------------------------------------------------------------------
Dockerfile for [Kpow](https://kpow.io) - The Ultimate Engineering Toolkit for [Apache Kafka®](https://kafka.apache.org/)

**Note**: This repository is for the free [Community Edition](https://kpow.io/pricing) of Kpow.

For paying customers:

* The Enterprise Edition DockerHub repository can be found at [factorhouse/kpow](https://hub.docker.com/r/factorhouse/kpow)

View [Features](https://kpow.io/features) to compare editions or buy a license.

# Quick reference

* **Maintained by**: [the Factor House team](https://github.com/factorhouse/kpow)
* **Where to get help**: [GitHub](https://github.com/factorhouse/kpow), [Kpow documentation](http://docs.kpow.io/), [Support Hub](https://kpow.io/support)

# Supported tags and respective `Dockerfile` links

Kpow supports both `linux/amd64` and `linux/arm64` architectures.

* [94.2, latest](https://github.com/factorhouse/kpow/blob/main/dockerfile/kpow-ce/Dockerfile)

# Quick reference (cont.)

* **Where to file issues:** https://github.com/factorhouse/kpow/issues
* **Published image artifact details:** [GitHub actions CI](https://github.com/factorhouse/kpow/actions/workflows/build.yml)
* **Image updates**: https://github.com/factorhouse/kpow/tags
* **Source of this description**: [dockerhub/kpow-ce/README.md](https://github.com/factorhouse/kpow/blob/main/dockerhub/kpow-ce/README.md)

# What is Kpow?

### An Engineering Toolkit for Apache Kafka®

Kpow is the toolkit that empowers your team to deliver with Kafka.

Once installed, Kpow gathers information about your Kafka resources every minute, stores the results locally in internal topics, then provides custom telemetry and insights to you in a rich data-oriented UI.

### X-Ray Vision of Kafka Resources

Gain instant visibility of your brokers, topics, groups, partitions, offsets, and more.

Kpow offers full support for controlling and monitoring Kafka Connect clusters and Schema Registries.

### Deep Data Inspect with kJQ

Search **tens of thousands of messages a second** with Kpow’s unique, custom implementation of JQ-like queries for Kafka topics.

**kJQ** works with JSON or JSON-like data including Apache Avro®, Transit, EDN, and even Protobuf messages where you have configured custom serdes to output JSON formatted text.

### Compute Console to Control and Monitor Streams

Brokers, topics, and the data on them tell only one part of the Kafka story.

Kpow Compute provides access to your consumer \(and soon, _Kafka Streams_\) topologies allowing **visualization of message throughput and lag** at point of consumption and the ability to **reset consumption** at a group, host, member, topic, or assignment level.

### Built for the Enterprise

Kpow comes from a practical application of Kafka to real-world requirements and provides:

* **User Authentication** via DB, File, LDAP, SAML, or OpenID configuration.
* **User Authorization** with Simple or Role Based Access Controls \(RBAC\).
* **Data Policies** for masking and redaction of sensitive data like Credit Card or PII.
* **Data Governance** with all user actions captured in the Kpow audit log.
* **Slack Integration** to have user actions sent to an operations channel as they happen.
* **HTTPS** easily configured with your own certificates, or integrated with a reverse-proxy.
* **Prometheus** endpoints to integrate with your preferred metrics and alerting systems.
* **Multi-Cluster Monitoring** from a single installation for cost efficiency and simplicity.
* **All data in local topics** makes Kpow perfect for air-gapped environments.

### And Much More...

**Live Mode** for real-time monitoring, **Multi-Dimensional Consumer Lag** insights from Kpow's custom derived telemetry, **No Requirement for JMX** access, discover all of our features in this [guide](https://docs.kpow.io).

# Compatibility

Kpow is compatible with **Apache Kafka 1.0+.**

Kpow has been tested and is compatible with [Apache Kafka](https://kafka.apache.org/), [Amazon MSK](https://aws.amazon.com/msk/), [Amazon MSK Serverless](https://aws.amazon.com/msk/features/msk-serverless/), [Red Hat AMQ Streams](https://www.redhat.com/en/resources/amq-streams-datasheet), [Aiven Managed Kafka](https://aiven.io/kafka), [Instaclustr Managed Kafka](https://www.instaclustr.com/products/managed-apache-kafka/), [Confluent Platform](https://www.confluent.io/product/confluent-platform), [Confluent Cloud](https://www.confluent.io/confluent-cloud)**\***, [Azure Event Hubs](https://azure.microsoft.com/en-us/services/event-hubs/)**\*** and [Vectorized Redpanda](https://vectorized.io/redpanda/)**\***.

\*Some disk related metrics and telemetry are not available when using Kpow with Confluent Cloud, Azure Event Hubs and Redpanda.

# Quick start + local evaluation

To evaluate Kpow locally with Docker Compose and a 3-node Kafka cluster, visit the [kpow-local](https://github.com/factorhouse/kpow-local) GitHub repository.

Instructions on how to start a [30-day free trial](https://kpow.io/#trial) of Kpow can be found in the [kpow-local](https://github.com/factorhouse/kpow-local) README.

Visit https://docs.kpow.io/ for more documentation on getting started with Kpow.

# License

Kpow is proprietary software.
Kpow's EULA can be found in the [GitHub repository](https://github.com/factorhouse/kpow/blob/main/resources/eula.txt) or at https://kpow.io/eula/

The Dockerfiles and [kpow](https://github.com/factorhouse/kpow) repository are licensed under the Eclipse Public License 1.0 (EPL-1.0)

--------------------------------------------------------------------------------
/dockerhub/kpow/README.md:
--------------------------------------------------------------------------------
Dockerfile for [Kpow](https://kpow.io) - The Ultimate Engineering Toolkit for [Apache Kafka®](https://kafka.apache.org/)

**Note**: This repository is for the [Enterprise Edition](https://kpow.io/pricing) of Kpow.

* The Community Edition DockerHub repository can be found at [factorhouse/kpow-ce](https://hub.docker.com/r/factorhouse/kpow-ce)

View [Features](https://kpow.io/features) to compare editions.

# Quick reference

* **Maintained by**: [the Factor House team](https://github.com/factorhouse/kpow)
* **Where to get help**: [GitHub](https://github.com/factorhouse/kpow), [Kpow documentation](http://docs.kpow.io/), [Support Hub](https://kpow.io/support)

# Supported tags and respective `Dockerfile` links

* [94.2, latest](https://github.com/factorhouse/kpow/blob/main/dockerfile/kpow/Dockerfile)
* [94.2-rh-ubi](https://github.com/factorhouse/kpow/blob/main/dockerfile/rh-ubi/Dockerfile)

# Quick reference (cont.)

* **Where to file issues:** https://github.com/factorhouse/kpow/issues
* **Published image artifact details:** [GitHub actions CI](https://github.com/factorhouse/kpow/actions/workflows/build.yml)
* **Image updates**: https://github.com/factorhouse/kpow/tags
* **Source of this description**: [dockerhub/kpow/README.md](https://github.com/factorhouse/kpow/blob/main/dockerhub/kpow/README.md)

# What is Kpow?

### An Engineering Toolkit for Apache Kafka®

Kpow is the toolkit that empowers your team to deliver with Kafka.

Once installed, Kpow gathers information about your Kafka resources every minute, stores the results locally in internal topics, then provides custom telemetry and insights to you in a rich data-oriented UI.

### X-Ray Vision of Kafka Resources

Gain instant visibility of your brokers, topics, groups, partitions, offsets, and more.

Kpow offers full support for controlling and monitoring Kafka Connect clusters and Schema Registries.

### Deep Data Inspect with kJQ

Search **tens of thousands of messages a second** with Kpow’s unique, custom implementation of JQ-like queries for Kafka topics.

**kJQ** works with JSON or JSON-like data including Apache Avro®, Transit, EDN, and even Protobuf messages where you have configured custom serdes to output JSON formatted text.

### Compute Console to Control and Monitor Streams

Brokers, topics, and the data on them tell only one part of the Kafka story.

Kpow Compute provides access to your consumer \(and soon, _Kafka Streams_\) topologies allowing **visualization of message throughput and lag** at point of consumption and the ability to **reset consumption** at a group, host, member, topic, or assignment level.

### Built for the Enterprise

Kpow comes from a practical application of Kafka to real-world requirements and provides:

* **User Authentication** via DB, File, LDAP, SAML, or OpenID configuration.
* **User Authorization** with Simple or Role Based Access Controls \(RBAC\).
* **Data Policies** for masking and redaction of sensitive data like Credit Card or PII.
* **Data Governance** with all user actions captured in the Kpow audit log.
* **Slack Integration** to have user actions sent to an operations channel as they happen.
* **HTTPS** easily configured with your own certificates, or integrated with a reverse-proxy.
* **Prometheus** endpoints to integrate with your preferred metrics and alerting systems.
* **Multi-Cluster Monitoring** from a single installation for cost efficiency and simplicity.
* **All data in local topics** makes Kpow perfect for air-gapped environments.

### And Much More...

**Live Mode** for real-time monitoring, **Multi-Dimensional Consumer Lag** insights from Kpow's custom derived telemetry, **No Requirement for JMX** access, discover all of our features in this [guide](https://docs.kpow.io).

# Compatibility

Kpow is compatible with **Apache Kafka 1.0+.**

Kpow has been tested and is compatible with [Apache Kafka](https://kafka.apache.org/), [Amazon MSK](https://aws.amazon.com/msk/), [Amazon MSK Serverless](https://aws.amazon.com/msk/features/msk-serverless/), [Red Hat AMQ Streams](https://www.redhat.com/en/resources/amq-streams-datasheet), [Aiven Managed Kafka](https://aiven.io/kafka), [Instaclustr Managed Kafka](https://www.instaclustr.com/products/managed-apache-kafka/), [Confluent Platform](https://www.confluent.io/product/confluent-platform), [Confluent Cloud](https://www.confluent.io/confluent-cloud)**\***, [Azure Event Hubs](https://azure.microsoft.com/en-us/services/event-hubs/)**\*** and [Vectorized Redpanda](https://vectorized.io/redpanda/)**\***.

\*Some disk related metrics and telemetry are not available when using Kpow with Confluent Cloud, Azure Event Hubs and Redpanda.

# Quick start + local evaluation

To evaluate Kpow locally with Docker Compose and a 3-node Kafka cluster, visit the [kpow-local](https://github.com/factorhouse/kpow-local) GitHub repository.

Instructions on how to start a [30-day free trial](https://kpow.io/#trial) of Kpow can be found in the [kpow-local](https://github.com/factorhouse/kpow-local) README.

Visit https://docs.kpow.io/ for more documentation on getting started with Kpow.

# License

Kpow is proprietary software.
Kpow's EULA can be found in the [GitHub repository](https://github.com/factorhouse/kpow/blob/main/resources/eula.txt) or at https://kpow.io/eula/

The Dockerfiles and [kpow](https://github.com/factorhouse/kpow) repository are licensed under the Eclipse Public License 1.0 (EPL-1.0)

--------------------------------------------------------------------------------
/docs/CNAME:
--------------------------------------------------------------------------------
releases.kpow.io

--------------------------------------------------------------------------------
/docs/changelog.edn:
--------------------------------------------------------------------------------
{"80" []}

--------------------------------------------------------------------------------
/docs/index.html:
--------------------------------------------------------------------------------
Redirecting to kpow.io/releases.

--------------------------------------------------------------------------------
/docs/releases-ce.edn:
--------------------------------------------------------------------------------
[{:tag "90.1.20221027", :release-time "2022-10-27-18-23"}
 {:tag "90.1.3", :release-time "2022-10-28-10-31"}
 {:tag "90.2", :release-time "2022-11-03-17-38"}
 {:tag "90.2.1", :release-time "2022-11-03-19-05"}
 {:tag "90.3.1", :release-time "2022-12-05-15-08"}
 {:tag "90.4.1", :release-time "2022-12-16-14-53"}
 {:tag "90.5.1", :release-time "2022-12-20-15-42"}
 {:tag "90.6.1", :release-time "2023-01-26-16-47"}
 {:tag "91.1.1", :release-time "2023-03-06-17-03"}
 {:tag "91.2.1", :release-time "2023-03-14-17-19"}
 {:tag "91.3.1", :release-time "2023-05-15-20-56"}
 {:tag "91.4.1", :release-time "2023-05-30-11-38"}
 {:tag "91.5.1", :release-time "2023-07-12-17-47"}
 {:tag "92.1.1", :release-time "2023-09-15-14-58"}
 {:tag "92.2.1", :release-time "2023-11-01-15-31"}
 {:tag "92.3.1", :release-time "2024-01-12-17-51"}
 {:tag "92.4.1", :release-time "2024-03-05-15-26"}
 {:tag "93.1", :release-time "2024-03-18-16-16"}
 {:tag "93.2", :release-time "2024-05-16-13-52"}
 {:tag "93.3", :release-time "2024-07-18-19-59"}
 {:tag "93.4", :release-time "2024-08-20-14-54"}
 {:tag "94.1", :release-time "2025-02-27-17-43"}
 {:tag "94.2", :release-time "2025-05-15-20-23"}]

--------------------------------------------------------------------------------
/docs/releases-ee.edn:
--------------------------------------------------------------------------------
[{:tag "88.1", :release-time "2022-01-14-15-00"}
 {:tag "88.2", :release-time "2022-02-24-15-00"}
 {:tag "88.3", :release-time "2022-04-08-15-00"}
 {:tag "88.4", :release-time "2022-04-14-15-00"}
 {:tag "88.5", :release-time "2022-05-06-15-00"}
 {:tag "88.6", :release-time "2022-05-27-15-00"}
 {:tag "88.7", :release-time "2022-06-01-15-00"}
 {:tag "89", :release-time "2022-07-29-16-02"}
 {:tag "89.1", :release-time "2022-08-02-12-20"}
 {:tag "89.2", :release-time "2022-08-08-16-06"}
 {:tag "89.3", :release-time "2022-08-11-17-11"}
 {:tag "89.4", :release-time "2022-08-26-17-28"}
 {:tag "90.1", :release-time "2022-10-27-18-08"}
 {:tag "90.2", :release-time "2022-11-03-17-30"}
 {:tag "90.3", :release-time "2022-12-02-17-34"}
 {:tag "90.4", :release-time "2022-12-16-14-37"}
 {:tag "90.5", :release-time "2022-12-20-15-41"}
 {:tag "90.6", :release-time "2023-01-26-16-45"}
 {:tag "91.1", :release-time "2023-03-06-17-00"}
 {:tag "91.2", :release-time "2023-03-14-17-16"}
 {:tag "91.3", :release-time "2023-04-18-16-39"}
 {:tag "91.4", :release-time "2023-05-30-10-30"}
 {:tag "91.5", :release-time "2023-07-12-17-43"}
 {:tag "92.1", :release-time "2023-09-15-14-50"}
 {:tag "92.2", :release-time "2023-11-01-15-27"}
 {:tag "92.3", :release-time "2024-01-12-18-16"}
 {:tag "92.4", :release-time "2024-03-05-15-36"}
 {:tag "93.1", :release-time "2024-03-18-16-51"}
 {:tag "93.2", :release-time "2024-05-16-13-47"}
 {:tag "93.3", :release-time "2024-07-18-19-55"}
 {:tag "93.4", :release-time "2024-08-20-14-50"}
 {:tag "94.1", :release-time "2025-02-27-17-38"}
 {:tag "94.2", :release-time "2025-05-15-20-23"}]

--------------------------------------------------------------------------------
/docs/releases-v2.edn:
--------------------------------------------------------------------------------
[{:tag "88.1", :release-time "2022-01-14-15-00"}
 {:tag "88.2", :release-time "2022-02-24-15-00"}
 {:tag "88.3", :release-time "2022-04-08-15-00"}
 {:tag "88.4", :release-time "2022-04-14-15-00"}
 {:tag "88.5", :release-time "2022-05-06-15-00"}
 {:tag "88.6", :release-time "2022-05-27-15-00"}
 {:tag "88.7", :release-time "2022-06-01-15-00"}
 {:tag "89", :release-time "2022-07-29-16-02"}
 {:tag "89.1",
:release-time "2022-08-02-12-20"}
 {:tag "89.2", :release-time "2022-08-08-16-06"}
 {:tag "89.3", :release-time "2022-08-11-17-11"}
 {:tag "89.4", :release-time "2022-08-26-17-28"}
 {:tag "90.1", :release-time "2022-10-27-18-08"}
 {:tag "90.2", :release-time "2022-11-03-17-30"}
 {:tag "90.3", :release-time "2022-12-02-17-34"}
 {:tag "90.4", :release-time "2022-12-16-14-37"}
 {:tag "90.5", :release-time "2022-12-20-15-41"}
 {:tag "90.6", :release-time "2023-01-26-16-45"}
 {:tag "91.1", :release-time "2023-03-06-17-00"}
 {:tag "91.2", :release-time "2023-03-14-17-16"}
 {:tag "91.3", :release-time "2023-04-18-16-39"}
 {:tag "91.4", :release-time "2023-05-30-10-30"}
 {:tag "91.5", :release-time "2023-07-12-17-43"}
 {:tag "92.1", :release-time "2023-09-15-14-50"}
 {:tag "92.2", :release-time "2023-11-01-15-27"}
 {:tag "92.3", :release-time "2024-01-12-18-16"}
 {:tag "92.4", :release-time "2024-03-05-15-36"}
 {:tag "93.1", :release-time "2024-03-18-16-51"}
 {:tag "93.2", :release-time "2024-05-16-13-47"}
 {:tag "93.3", :release-time "2024-07-18-19-55"}
 {:tag "93.4", :release-time "2024-08-20-14-50"}
 {:tag "94.1", :release-time "2025-02-27-17-38"}
 {:tag "94.2", :release-time "2025-05-15-20-23"}]

--------------------------------------------------------------------------------
/docs/releases.edn:
--------------------------------------------------------------------------------
[{:number 66, :release-time "2021-03-16-10-49"}
 {:number 67, :release-time "2021-03-16-11-08"}
 {:number 68, :release-time "2021-03-18-14-54"}
 {:number 69, :release-time "2021-03-18-16-09"}
 {:number 70, :release-time "2021-03-19-14-47"}
 {:number 71, :release-time "2021-04-15-14-35"}
 {:number 72, :release-time "2021-04-16-16-43"}
 {:number 73, :release-time "2021-04-22-11-39"}
 {:number 74, :release-time "2021-04-29-15-28"}
 {:number 75, :release-time "2021-04-30-14-07"}
 {:number 76, :release-time "2021-05-04-18-06"}
 {:number 78, :release-time "2021-06-04-18-44"}
 {:number 79, :release-time "2021-06-24-14-31"}
 {:number 80, :release-time "2021-07-12-17-56"}
 {:number 81, :release-time "2021-08-13-16-00"}
 {:number 82, :release-time "2021-08-17-14-23"}
 {:number 83, :release-time "2021-09-09-16-15"}
 {:number 84, :release-time "2021-09-29-18-45"}
 {:number 85, :release-time "2021-10-07-20-21"}
 {:number 86, :release-time "2021-10-14-19-10"}
 {:number 87, :release-time "2021-11-04-12-27"}
 {:number 88, :release-time "2021-12-17-17-26"}
 {:number 89, :release-time "2022-01-17-15-00"}]

--------------------------------------------------------------------------------
/resources/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
set -e

exec java $JVM_OPTS -jar /opt/factorhouse/lib/kpow.jar

--------------------------------------------------------------------------------
/resources/eula.txt:
--------------------------------------------------------------------------------
End User License Agreement (EULA)
Last Updated: September 14, 2022
In this Agreement, 'us' 'we' or 'our' means Factor House Pty Ltd ACN 635 807 251 and our related bodies corporate.
1. DEFINITIONS
Documentation means the user guides and manuals for Software provided by us to you to assist your use of our Products.

Order Form means an online shopping cart or any subsequent order form, or purchase order for additional Products or services that have been accepted by us.

License Certificate means the evidence provided to you by us of your license to use our Products.

Cluster Credits means the total number of Apache Kafka clusters permitted for concurrent use with our Products by your License Certificate.

Products mean the Software and other services provided by us under this Agreement.

Software means Kpow, the tool that helps your team deliver and monitor applications built with Apache Kafka.

Marketplace means the AWS Marketplace or Red Hat Marketplace through which Kpow can be purchased.

You mean the individual or organization, identified as the Licensee by a License Certificate.

2. PRODUCTS AND LICENSE
2.1 License Certificate
A License Certificate allows you to use our Products with as many concurrent Apache Kafka clusters as described within the License Certificate as Cluster Credits for the License Term.

Where we issue you a License Certificate, we grant you a revocable, non-exclusive, non-transferable, non-sublicensable license to install and use the Software for your internal business purposes, which includes the internal business purposes of any subsidiaries that you control either directly or indirectly.

Your use of the Products is subject to the restrictions described in the License Certificate. If you use the Products in excess of the specified restrictions, you agree immediately to report such additional usage to us and pay all additional fees due for periods when you exceeded the scope of your license.

If you have been granted access to the Products for evaluation purposes and no Order Form has been executed, this Agreement will apply from the date we first make the Products available to you.

2.2 License Term
Each Software License is granted until the expiry date specified by the License Certificate pursuant to which the Software is provided to you.

2.2.1 Explicit License Expiry
Where your License Certificate Expiry specifies an explicit date, your Software License is granted until that date.
36 | 37 | 2.2.1 Marketplace Subscription License Expiry 38 | Where your License Certificate Type specifies a Marketplace Subscription to our Products and your License Certificate Expiry specifies a period of time your Software License is granted from the date of your latest Marketplace Subscription payment until the time period specified in the License Certificate expiry has passed. 39 | 40 | 2.3 Restrictions 41 | You shall not, and shall not allow others to: 42 | 43 | -- Continue using our Products beyond the term of your license; 44 | 45 | -- Cause or permit the reverse engineering, disassembly, or decompilation of any portion of any Products; 46 | 47 | -- Remove any copyright notices or other proprietary notices or restrictions from any of the Products; 48 | 49 | -- Knowingly disclose results of any benchmark or other performance tests to any third party without our prior written consent; or 50 | 51 | -- Distribute, sell, sublicense, rent, lease or use the Products (or any portion thereof) for time sharing, hosting, a service provider, or similar purposes. 52 | 53 | 2.4 Ownership 54 | The Products constitute proprietary works of ours and our licensors, protected by copyright and other intellectual property laws. Except for the rights granted in this Agreement, we retain all our rights, title, and interest, including all intellectual property rights, in the Products and the Documentation. The terms purchase and sale in reference to the Products notwithstanding, it is expressly agreed by the parties that title to the Products does not pass to you, and your rights with respect to the Products will only be that of a licensee. 55 | 56 | 2.5 No Transfers 57 | The Products may not be transferred or redistributed to any third party. You may not permit access or use of the Products by any third party, except for your employees and contractors performing services for your benefit. 
You may transfer the Products to another location within your organization or that of a contractor performing services for your benefit. 58 | 59 | 3. LICENSE FEES, PAYMENT AND COMPLIANCE 60 | 3.1 Payment Terms for Direct Purchases 61 | You agree to pay the Fees chargeable for your relevant Kpow License(s) and, where applicable, your Support Plan. 62 | 63 | Except as where an invoice is issued or where an alternate written agreement has been made, payment of all Fees due under this Agreement or any Order Form is payable in advance. You shall provide payment via https://factorhouse.io/flex/credits. Payment can be made via Credit Card, Wire Transfer, PayPal and Apple Pay. 64 | 65 | No License Certificates will be issued without advance payment. Where an invoice is issued or where an alternate written agreement has been made, the License Certificate will be issued on receipt of a valid Purchase Order. 66 | 67 | Where an invoice is issued you shall pay all Fees due net 30 days from the invoice date. 68 | 69 | All Fees are non-cancellable and non-refundable, except as expressly provided in this Agreement. You shall be responsible for any taxes, duties, or withholdings. 70 | 71 | 3.2 Payment Terms for Marketplace Purchases 72 | You agree to pay the Fees chargeable for your relevant Kpow License(s) and, where applicable, your Support Plan in accordance with the payment terms of the Marketplace. 73 | 74 | 3.3 Merchant of Record 75 | Direct Purchases are conducted by our reseller Paddle.com, who act as the Merchant of Record for all direct license purchases. 76 | 77 | Paddle.com provides all customer service inquiries and handles returns on such purchases. We provide a 30-day, no questions asked, money-back guarantee on all direct license purchases conducted via Paddle.com. 78 | 79 | 3.4 Fee Changes 80 | We reserve the right to introduce or change any Fees from time to time by giving you no less than 14 days written notice. 
Any new or changed Fees will be applied at your license renewal after you have been given such notice. 81 | 82 | 3.5 Compliance 83 | We have the right, with reasonable notice to you, to audit your use of the Products no more than once each calendar year to assure compliance with the terms of this Agreement. 84 | 85 | The right to audit is subject to the following conditions: 86 | 87 | 3.5.1 We shall give you at least 14 days written notice prior to any audit. 88 | 89 | 3.5.2 Any audits will be carried out during normal business hours and shall not unreasonably disrupt your business. 90 | 91 | 3.5.3 Where required, we (or those acting on our behalf) shall enter into a confidentiality agreement. 92 | 93 | 3.5.4 No records or copies thereof shall be taken from the premises. 94 | 95 | 4. CONFIDENTIAL INFORMATION 96 | 4.1. Confidential Information means: 97 | 4.1.1 Any information disclosed by either party to the other party, either directly or indirectly, in writing, orally, or by inspection of tangible objects, including, without limitation, algorithms, business plans, your data, your lists, your names, design documents, drawings, engineering information, financial analysis, forecasts, formulas, hardware configuration information, know-how, ideas, inventions, market information, marketing plans, processes, products, product plans, research, specifications, software, source code, trade secrets or any other information which is designated as confidential, proprietary or some similar designation; and 98 | 99 | 4.1.2 Any information otherwise obtained, directly or indirectly, by a receiving party through inspection, review, or analysis of the materials described in clause (1). Information disclosed orally shall be considered Confidential Information only if such information is confirmed in writing as being Confidential Information within a reasonable time after the initial disclosure. 
Confidential Information may also include information of a third party that is in the possession of one of the parties and is disclosed to the other party under this Agreement. Confidential Information includes, without limitation, any Products, related documentation, specifications, pricing, disclosures in connection with Services, and the terms and conditions of this Agreement. Confidential Information shall remain the sole property of the disclosing party or its licensors. 100 | 101 | 4.2 Nondisclosure 102 | Information/items will not be considered as Confidential Information if the receiving party can establish by documentary evidence that the information is or was: 103 | 104 | 4.2.1 Lawfully available to the public through no act or omission of the receiving party; 105 | 106 | 4.2.2 In the receiving party's lawful possession prior to disclosure by the disclosing party and not obtained either directly or indirectly from the disclosing party; 107 | 108 | 4.2.3 Lawfully disclosed to the receiving party by a third party without restriction on disclosure; or 109 | 110 | 4.2.4 Independently developed by the receiving party. 111 | 112 | Confidential Information is not disclosed or distributed by its employees or agents in violation of this Agreement. A receiving party facing legal action to disclose Confidential Information of the disclosing party shall promptly notify and provide the disclosing party the opportunity to oppose such disclosure or obtain a protective order and shall continue to treat such information as Confidential Information. 113 | 114 | This clause 4.2 shall not be construed as granting or conferring any rights to either party by license or otherwise, expressly or implicitly, to any Confidential Information. 115 | 116 | 5. LIMITATION OF LIABILITY 117 | 5.1 No Warranties and Limitation of Liability 118 | The use of the Products is at your own risk. 
We do not warrant that any product or service will meet your requirements, that the products will operate in the combinations which you may select for use or with any other programs used by you, that the operation of any product will be uninterrupted or error-free, or that all errors in products, hardware or documentation will be corrected. 119 | 120 | To the maximum extent allowed by law, we will not be liable to you in any way for any damages to you or any third party resulting from your use of the Products. If we would nevertheless be held liable by a competent court, then our liability will be capped at the license fee paid during the 12 months prior to the relevant incident, and, in the absence of a paid license fee, 50 USD. 121 | 122 | We do not guarantee that our Products will meet your requirements, or that any errors in the Products will be corrected. 123 | 124 | 5.2 No Implied Warranties 125 | We make no warranties in relation to our Products, whether express or implied, including non-infringement and the implied warranties of merchantability and fitness for a particular purpose. 126 | 127 | 6. LIMITATION OF WARRANTIES AND LIABILITIES 128 | 6.1 No Indirect Damages 129 | Except for your breach of the license restrictions in clause 2 and your confidentiality obligations in clause 4, in no event shall either party or its licensors (including their directors, officers, employees, representatives, agents, and suppliers) be liable for any indirect, incidental, special or consequential damages, including without limitation procurement of substitute products or services or loss of profits, revenue, data or data use, even if we and/or our licensors have been advised of the possibility of such damages. 
130 | 131 | 6.2 Limit on Direct Damages 132 | Except for your breach of the license restrictions in clause 2 and its confidentiality obligations in clause 4, the aggregate, cumulative liability of each party (including its directors, officers, employees, representatives, agents, and suppliers) under this agreement shall be limited to the fees paid or payable by you to us during the twelve-month period prior to the event giving rise to any claim. 133 | 134 | 6.3 Allocation of Risk 135 | The provisions of this Agreement fairly allocate the risks between the parties. You acknowledge and agree that the pricing reflects this allocation of risk and the limitation of liability specified in this agreement and that we would not enter into this Agreement without such allocation and limitation. 136 | 137 | 7. TERMINATION 138 | 7.1 Termination for Breach 139 | Either party may terminate this Agreement (including all related Order Forms) if the other party: 140 | 141 | 7.1 Fails to cure any material breach of this Agreement within thirty (30) days after written notice of such breach; 142 | 143 | 7.2 Ceases operation without a successor; or 144 | 145 | 7.3 Seeks protection under any bankruptcy, receivership, trust deed, creditors arrangement, composition or comparable proceeding, or if any such proceeding is instituted against such party (and not dismissed within sixty (60) days)). Termination is not an exclusive remedy and the exercise by either party of any remedy under this Agreement will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise. 146 | 147 | 7.2 Effect in Termination 148 | Immediately on termination of this Agreement, you shall cease all use of the Products. Within 10 business days following the termination date you shall return to us or destroy (and certify to us in writing as to such destruction) all copies of the Software and any other materials embodying the Products. 
149 | 150 | 7.3 Survival 151 | Clauses 4, 5, 6, and 8 of this Agreement shall survive any termination of this Agreement. 152 | 153 | 8. GENERAL 154 | 8.1 Authorisation 155 | Each party represents and warrants that the person executing this Agreement on behalf of such party, or clicking I agree in the case of a Product trial or online marketplace subscription, is authorized to enter into this Agreement on behalf of such party. 156 | 157 | 8.2 Integration 158 | This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter hereof. If any provision of this Agreement is adjudicated invalid or unenforceable, the remaining provisions will remain in effect and the Agreement will be amended to the minimum extent necessary to achieve, to the maximum extent possible, the same legal and commercial effect originally intended by the parties. This Agreement shall supersede the terms of any purchase order or other business form. If accepted by us in lieu of or in addition to our Order Form, your purchase order shall be binding only as to the following terms: 159 | 160 | 8.2.1 The Products and services ordered; and 161 | 162 | 8.2.2 The appropriately calculated fees due. Other terms shall be void. 163 | 164 | 8.3 Assignment 165 | This Agreement is personal to you originally licensed and may not be assigned, whether by operation of law or otherwise, except that either party may assign this Agreement or any Software license to its successor in the event of a merger, acquisition, or sale of all or substantially all of the assets of such party or an applicable business unit. Any other purported assignment shall be void. 
166 | 167 | 8.4 Force Majeure 168 | Neither party shall be liable to the other for its failure to perform its obligations under this Agreement, except for payment obligations, during any period in which such performance is delayed or rendered impracticable or impossible due to unforeseen circumstances beyond its reasonable control. 169 | 170 | 8.5 Amendments and Counterparts 171 | We reserve the right to change these terms from time to time. Notice of any such changes will be provided to you in writing. Upon receiving a notice of changes from us under this clause, you will have the option to terminate the license(s) you hold under this Agreement within 30 days by providing notice in writing to us. You agree that we will not refund you for any fees paid if you wish to terminate the license(s) under this clause. No supplement, modification, or amendment of this Agreement by you shall otherwise be binding unless executed in writing by a duly authorized representative of each party. 172 | 173 | No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. This Agreement may be executed by written signature or electronically and delivered in multiple counterparts, including facsimile, PDF, or other electronic counterparts, all of which will constitute one and the same instrument and agreement. 174 | 175 | 8.6 Governing Law and Jurisdiction 176 | The law of Victoria, Australia, governs this Agreement. The parties submit to the non-exclusive jurisdiction of the courts of Victoria and of Australia. 177 | 178 | 8.7 Notices 179 | A notice or other communication connected with this Agreement (Notice)has no legal effect unless it is in writing. In addition to any other method of service provided by law, the Notice may be sent by email to the email address of the addressee. 
180 | 181 | 8.8 No Agency Relationship 182 | Nothing in this Agreement shall be construed to create a partnership, joint venture, or agency relationship between the parties. 183 | 184 | 8.9 Open Source Notice 185 | We may distribute third party open source software programs with the Software either incorporated into the Software or provided separately. These third-party programs are subject to their own additional license terms, none of which require notice, attribution, payment, disclosure, or license back of any of your information. 186 | 187 | 8.10 Data Collection and Privacy 188 | We may collect and process technical and related information about your use of the Software which may include non-personally identifiable analytics and usage information to facilitate the provision of updates, support, invoicing, or to improve our products or services. Such information will be subject to our Privacy Policy, which policy is hereby incorporated by reference and made a part of this Agreement. 189 | 190 | 8.11 Publicity 191 | You agree that we may use your name and logo in our customer list and may publish information identifying you as a user of our products in advertisements, news releases, and releases to professional and trade publications. You will have the right to approve each such release prior to its placement but you agree not to unreasonably withhold its approval. This clause only applies if you are an organization and does not apply if you are an individual. 
--------------------------------------------------------------------------------
/scripts/build_all.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Usage: build_all.sh VERSION IMAGE_ID IMAGE_TAG DOCKERFILE
# Builds and pushes a multi-arch image with SBOM and provenance attestations.

set -Eeuxo pipefail

VERSION=$1
IMAGE_ID=$2
IMAGE_TAG=$3
DOCKERFILE=$4
RELEASE=$(date +%s)

docker buildx build --pull \
  --build-arg RELEASE="$RELEASE" \
  --build-arg VERSION="$VERSION" \
  --platform=linux/amd64,linux/arm64 \
  --sbom=true \
  --provenance=true \
  -f "$DOCKERFILE" \
  -t "$IMAGE_ID:$IMAGE_TAG" \
  --push .

--------------------------------------------------------------------------------
/scripts/build_amd64.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Usage: build_amd64.sh VERSION IMAGE_ID IMAGE_TAG DOCKERFILE
# Builds and pushes an amd64-only image with SBOM and provenance attestations.

set -Eeuxo pipefail

VERSION=$1
IMAGE_ID=$2
IMAGE_TAG=$3
DOCKERFILE=$4
RELEASE=$(date +%s)

docker buildx build --pull \
  --build-arg RELEASE="$RELEASE" \
  --build-arg VERSION="$VERSION" \
  --platform=linux/amd64 \
  --sbom=true \
  --provenance=true \
  -f "$DOCKERFILE" \
  -t "$IMAGE_ID:$IMAGE_TAG" \
  --push .

--------------------------------------------------------------------------------
/scripts/dockerhub_readme_kpow.clj:
--------------------------------------------------------------------------------
#!/usr/bin/env bb

(def readme (slurp "dockerhub/kpow/README.md"))
(def readme-lines (str/split-lines readme))
(def release-number *input*)

(def tags
  [""
   ""
   (format "* [%s, latest](%s)" release-number "https://github.com/factorhouse/kpow/blob/main/dockerfile/kpow/Dockerfile")
   (format "* [%s-rh-ubi](%s)" release-number "https://github.com/factorhouse/kpow/blob/main/dockerfile/rh-ubi/Dockerfile")

   ""])

(def next-readme-lines
  (reduce
    (fn [ctx curr-line]
      (cond
        (= "" (str/trim curr-line))
        (assoc ctx
          :in-release-links? false
          :next-lines (conj (:next-lines ctx) curr-line))

        (:in-release-links? ctx)
        ctx

        (= "" (str/trim curr-line))
        (assoc ctx
          :in-release-links? true
          :next-lines (into (:next-lines ctx) tags))

        :else
        (assoc ctx :next-lines (conj (:next-lines ctx) curr-line))))
    {:in-release-links? false :next-lines []}
    readme-lines))

(def next-readme (str/join "\n" (:next-lines next-readme-lines)))

(spit "dockerhub/kpow/README.md" next-readme)

--------------------------------------------------------------------------------
/scripts/dockerhub_readme_kpow_ce.clj:
--------------------------------------------------------------------------------
#!/usr/bin/env bb

(def readme (slurp "dockerhub/kpow-ce/README.md"))
(def readme-lines (str/split-lines readme))
(def release-number (str/trim (slurp *in*)))

(def tags
  [""
   ""
   (format "* [%s, latest](%s)" release-number "https://github.com/factorhouse/kpow/blob/main/dockerfile/kpow-ce/Dockerfile")

   ""])

(def next-readme-lines
  (reduce
    (fn [ctx curr-line]
      (cond
        (= "" (str/trim curr-line))
        (assoc ctx
          :in-release-links? false
          :next-lines (conj (:next-lines ctx) curr-line))

        (:in-release-links? ctx)
        ctx

        (= "" (str/trim curr-line))
        (assoc ctx
          :in-release-links? true
          :next-lines (into (:next-lines ctx) tags))

        :else
        (assoc ctx :next-lines (conj (:next-lines ctx) curr-line))))
    {:in-release-links? false :next-lines []}
    readme-lines))

(def next-readme (str/join "\n" (:next-lines next-readme-lines)))

(spit "dockerhub/kpow-ce/README.md" next-readme)

--------------------------------------------------------------------------------
/scripts/jar.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Usage: jar.sh MANIFEST_URL
# Downloads the manifest, then every file it lists.

set -Eeuxo pipefail

MANIFEST=$1
mkdir target
curl -o manifest -L -O "$MANIFEST"

# Each manifest line is "<filename> <url>", separated by a space.
IFS=$'\n'
for item in $(cat ./manifest)
do
  IFS=$' '
  itemarray=( $item )
  FILENAME="${itemarray[0]}"
  S3_URL="${itemarray[1]}"
  curl -o "$FILENAME" -L -O "$S3_URL"
done

--------------------------------------------------------------------------------
/scripts/rc_release_check.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -Eeuxo pipefail

# Check if a string contains the substring "-rc"

input_string="$1"

if [[ "$input_string" == *"-rc"* ]]; then
  exit 0
else
  exit 1
fi

--------------------------------------------------------------------------------
/scripts/release.clj:
--------------------------------------------------------------------------------
#!/usr/bin/env bb

;; update docs/releases.edn
(def now (java.time.ZonedDateTime/now))
(def timezone (java.time.ZoneId/of "Australia/Melbourne"))
(def melb-time (.withZoneSameInstant now timezone))
(def pattern (java.time.format.DateTimeFormatter/ofPattern "yyyy-MM-dd-HH-mm"))
(def release-time (.format melb-time pattern))
(def release-tag (first *command-line-args*))
(def release-file (str "docs/" (second *command-line-args*)))

(println release-time)
(println release-tag)
(println release-file)

(def releases (edn/read-string (slurp release-file)))
(require '[clojure.pprint :as pprint])
(spit
  release-file
  (with-out-str
    (pprint/pprint (conj releases {:tag (str release-tag) :release-time release-time}))))

--------------------------------------------------------------------------------
/scripts/release_number_check.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -Eeuxo pipefail

# Exit 0 only when the first argument is the string 'true'
if [ "$1" == 'true' ]
then
  exit 0
else
  exit 1
fi

--------------------------------------------------------------------------------
/secure-config/README.md:
--------------------------------------------------------------------------------
# Kpow Secure Configuration

Available from [Kpow v88.2](https://kpow.io/releases/88-2/).

This guide demonstrates how to [encrypt](#aes-encrypted-variables) or [obfuscate](#obf-encoded-variables) Kpow configuration to avoid sensitive variables in plaintext.

Encrypted configuration is **not a replacement for secret managers**, but may help in environments with limited secret management options.

AES and PBKDF2 support is provided by [kpow-secure](https://github.com/factorhouse/kpow-secure), an open-source library that can be utilized to secure any Apache Kafka client config.

## Contents

* [Kpow Deployment Notes](#kpow-deployment-notes)
* [Kpow Configuration](#kpow-configuration)
* [Secure Variables Quick Start](#secure-variables-quick-start)
  * [AES Encrypted Environment Variables Example](#example-shell-script-with-aes-encrypted-environment-variables)
  * [AES Encrypted LDAP JAAS 'bindPassword' Example](#example-ldap-jaas-configuration-with-aes-encrypted-bindpassword)
* [AES Encrypted Variables](#aes-encrypted-variables)
  * [AES Encryption Steps](#aes-encryption-steps)
    * [Download](#download-the-latest-kpow-jar-file) the latest Kpow JAR file
    * [Generate](#generate-a-master-encryption-key) a master encryption key
    * [Encrypt](#encrypt-sensitive-variables) sensitive variables
    * [Check](#check-cipher-text-optional) cipher text (optional)
    * [Configure](#configure-encrypted-variables) encrypted variables
    * [Provide](#provide-the-master-key-to-kpow) the master key to Kpow
* [OBF Encoded Variables](#obf-encoded-variables)
  * [OBF Obfuscation Steps](#obf-obfuscation-steps)
    * [Download](#download-the-latest-kpow-jar) the latest Kpow JAR file
    * [Obfuscate](#obfuscate-sensitive-variables) sensitive variables
    * [Configure](#configure-obfuscated-variables) obfuscated variables
* [Encrypting Text Containing Special Characters](#encrypting-text-containing-special-characters)
  * [Quote](#quote-input-on-the-command-line) input on the command line
  * [Read](#read-input-from-file) input from file
* [Using Kpow Secure Configuration in your Kafka Client Application](#using-kpow-secure-configuration-in-your-kafka-client-application)
  * [AES Encrypted Client Configuration](#aes-encrypted-client-configuration)
  * [Kpow Secure Java API for Decryption](#kpow-secure-java-api-for-decryption)


## Kpow Deployment Notes

Kpow is deployed as a single Docker container and is built from standard Enterprise Java frameworks like [Jetty](https://www.eclipse.org/jetty/).

Designed to run air-gapped and used by punchy startups to payment networks, Kpow is deployed in every cloud and on-premise.

Kpow is conveniently secured the same way as any other Enterprise web-application in your organisation; often that means sensitive variables provided by a [secret manager or vault](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). You may not need to employ the sensitive variable techniques provided in this guide.

## Kpow Configuration

Kpow is mostly configured via environment variables, with some further configuration being file-based.

Full documentation for all configuration can be found at [docs.kpow.io](https://docs.kpow.io):

* [Kpow Environment Variable Guide](https://docs.kpow.io/config/environment-variables)
* [Role Based Access Control Configuration](https://docs.kpow.io/authorization/role-based-access-control)
* [Multi-Tenancy Configuration](https://docs.kpow.io/authorization/tenants)
* [Data/PII Masking Configuration](https://docs.kpow.io/features/data-policies)
* [LDAP/Jaas Authentication Configuration](https://docs.kpow.io/authentication/ldap#jaas-configuration)
* [File Based Authentication Configuration](https://docs.kpow.io/authentication/file)

## Secure Variables Quick Start

Kpow accepts all environment variables and some file-based variables as AES encrypted or OBF (Jetty) obfuscated text.

#### Example Shell Script with AES Encrypted Environment Variables

This script defines a `KPOW_SECURE_KEY` and a mixture of encrypted and plain variables.

If you prefer you can define `KPOW_SECURE_KEY_LOCATION` to read the key from disk.

**Note:** AES ciphertext is prefixed with `AES:`

```bash
# license variables removed
KPOW_SECURE_KEY="XT65RFOuw34GgP+ohBE4J8SwXX0OwoVzQf4KcA4zzaY=" \
ENVIRONMENT_NAME="UAT2 - Trading Book" \
BOOTSTRAP="AES:ARDGXF5y5sG0sPZdACdCyQUO6nVKhpCrkCP//NbrOJEuzO2D22RrocfNJG0J5zegfC4BKznqlQQEI0jU45sKqyRV" \
SECURITY_PROTOCOL="AES:ARDZjxJjLyFJBekswaPK1AGYzO9tUmkqVFxI/wEVvMMVzg==" \
SASL_MECHANISM="AES:ARAM9+ZmMGKfhK8pFufBMnIV3rPMU+MYrITh+3Yauct2wQ==" \
SASL_JAAS_CONFIG="AES:ARBxaOuPOPvyJqyq791yGAAi1eUGVjMgXGoBSRmrw7OTb3EzVjURa15Zuszh8mFCi1990vuKocSV0KHXf9auLn4UmdDjJa5WEuWlvYgefiG6RwWxV3YamITl2Wvuazj8V4c2jkwPb1DkhTylDVJmiYHTrcXSWoYJ4Hiv5EYMOC2x5Q==" \
AUTH_PROVIDER_TYPE="jetty" \
RBAC_CONFIGURATION_FILE="./dev-resources/rbac/jetty.yml" \
java -Djava.security.auth.login.config=dev-resources/jaas/ldap.conf -jar -Xmx2G ./latest-kpow.jar
```

#### Example LDAP JAAS Configuration with AES Encrypted 'bindPassword'

Kpow accepts the `bindPassword` variable in LDAP JAAS configuration in AES or OBF format.

**Note:** This feature requires configuring the new `io.kpow.jaas.spi.LdapLoginModule` LDAP module rather than the Jetty default.

**Note:** AES ciphertext is prefixed with `AES:`

To decrypt with AES, Kpow expects `KPOW_SECURE_KEY` or `KPOW_SECURE_KEY_LOCATION` to be set.

```bash
kpow {
  io.kpow.jaas.spi.LdapLoginModule required
    useLdaps="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="test-ldap-server.com"
    port="616"
    bindDn="test@ad.test-ldap-server.com"
    bindPassword="AES:ARDZjxJjLyFJBekswaPK1AGYzO9tUmkqVFxI/wEVvMMVzg=="
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="DC=ad,DC=test-ldap-server,DC=com"
    userRdnAttribute="sAMAccountName"
    userIdAttribute="sAMAccountName"
    userObjectClass="user"
    roleBaseDn="OU=Distribution Groups,OU=Exchange Objects,OU=Melbourne,DC=ad,DC=test-ldap-user,DC=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="group";
};
```

## AES Encrypted Variables

Kpow provides support for strong encryption of variables by integrating the open-source [Kpow-Secure](https://github.com/factorhouse/kpow-secure) library.

See the [library documentation](https://github.com/factorhouse/kpow-secure) for full details on secure config with standard Java AES encryption and PBKDF2 key generation.

### AES Encryption Steps

Follow these simple steps to secure Kpow variables with AES encryption.

* [Download](#download-the-latest-kpow-jar-file) the latest Kpow JAR file
* [Generate](#generate-a-master-encryption-key) a master encryption key
* [Encrypt](#encrypt-sensitive-variables) sensitive variables
* [Check](#check-cipher-text-optional) cipher text (optional)
* [Configure](#configure-encrypted-variables) encrypted variables
* [Provide](#provide-the-master-key-to-kpow) the master key to Kpow

#### Download the latest Kpow JAR file

The latest Kpow JAR artifact is always listed in our [CHANGELOG.md](https://github.com/factorhouse/kpow/blob/main/CHANGELOG.md#latest-release-artifacts) file.

#### Generate a master encryption key

Create a passphrase file. Longer passphrases with more unique characters are more secure.

```
vi passphrase.txt
```

The passphrase is read from file to avoid observation in your shell history.

Then generate a master encryption key using the Kpow JAR and the following command:

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure.key --pass-file passphrase.txt --out-file passphrase.key
```

```bash
13:25:58.951 INFO [main] kpow.secure.key –

Kpow Secure Key:
----------------

wjDYJgpvFWOGq1G9CkT1szG6yHxQDN1iu8OBgzTyrM0=

Key file written to: passphrase.key

Random salt used, this key cannot be regenerated.
```

When generating a key, specify a `--salt` if you require the ability to regenerate the key.

#### Encrypt sensitive variables

Keystore and key passwords are common variables that you may want to secure.

```
SSL_KEYSTORE_PASSWORD=mykeystorepassword
```

Encrypt the text 'mykeystorepassword' with Kpow and your master key.

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --encrypt mykeystorepassword
```

```bash
13:49:01.998 INFO [main] kpow.secure –

Kpow Encrypted:
---------------

ARBtyl4hxANqbKPMFg4wEFCf3BJy+nKBkPYMIwK7SMS+jt1WxockS2HJSA50t+IjJU4=
```

#### Check cipher text (optional)

Decrypt the cipher text with Kpow and your master key.

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --decrypt ARAvkZkZhmqy1Ow3Tac9MeNNZo2iGavRzN3m88W++IHDYvrPR5dtrsy8H+7KdXgCmS8=
```

```bash
13:50:01.998 INFO [main] kpow.secure –

Kpow Decrypted:
---------------

mykeystorepassword
```

#### Configure encrypted variables

Replace any sensitive plaintext variables with `AES:cipher-text`.

```
SSL_KEYSTORE_PASSWORD=AES:ARBtyl4hxANqbKPMFg4wEFCf3BJy+nKBkPYMIwK7SMS+jt1WxockS2HJSA50t+IjJU4=
```

#### Provide the master key to Kpow

Configure the `KPOW_SECURE_KEY` environment variable with your master key.

```
KPOW_SECURE_KEY=wjDYJgpvFWOGq1G9CkT1szG6yHxQDN1iu8OBgzTyrM0=
```

Or load the key from disk by configuring the `KPOW_SECURE_KEY_LOCATION` environment variable.

```
KPOW_SECURE_KEY_LOCATION=/path/to/key.file
```

Kpow will now decrypt any AES encrypted variables with your master encryption key.

## OBF Encoded Variables

Kpow provides support for weak obfuscation of variables by integrating the open-source [Jetty Password](https://www.eclipse.org/jetty/javadoc/jetty-10/org/eclipse/jetty/util/security/Password.html) utility.
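
Because every protected value carries an `AES:` or `OBF:` prefix, a launch script or env file can be audited before deployment. The following is an added example, not part of the Kpow repository: it flags sensitive variables left in plaintext, `OBF:` values (which are reversible without a key), and a `KPOW_SECURE_KEY` defined in the same file as the ciphertext it protects. The sensitive-name patterns, the finding labels, `EXAMPLE_DB_PASSWORD` and all sample values are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Kpow repository.
# Audits KEY=VALUE configuration for the AES:/OBF: prefixes this guide describes.

# Assumption: which variable names count as sensitive is a local policy choice.
is_sensitive() {
  case "$1" in
    *PASSWORD*|*SECRET*|*TOKEN*|*JAAS_CONFIG*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints aes, obf or plain for one value. A bare prefix with no payload is plain.
classify_value() {
  case "$1" in
    AES:?*) echo aes ;;
    OBF:?*) echo obf ;;
    *)      echo plain ;;
  esac
}

# Reads config lines on stdin and prints one "LEVEL NAME reason" finding per line.
# Returns 1 when a sensitive variable is stored in plaintext, 0 otherwise.
audit_config() {
  # Drop leading whitespace and the trailing " \" used in shell launch scripts.
  sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*\\$//' -e 's/[[:space:]]*$//' | {
    fails=0 has_aes=0 key_inline=0 key_file=0
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in *=*) ;; *) continue ;; esac
      name=${line%%=*}
      value=${line#*=}
      # Skip comments, commands and anything that is not a plain variable name.
      case "$name" in ''|*[!A-Za-z0-9_]*) continue ;; esac
      value=${value#\"}; value=${value%\"}
      case "$name" in
        KPOW_SECURE_KEY)          key_inline=1; continue ;;
        KPOW_SECURE_KEY_LOCATION) key_file=1;   continue ;;
      esac
      kind=$(classify_value "$value")
      [ "$kind" = aes ] && has_aes=1
      if [ "$kind" = obf ]; then
        echo "WARN $name obf-is-reversible-without-a-key"
      elif [ "$kind" = plain ] && is_sensitive "$name"; then
        echo "FAIL $name sensitive-value-in-plaintext"
        fails=1
      fi
    done
    if [ "$key_inline" -eq 1 ]; then
      # Anyone who can read this file gets both the key and the ciphertext.
      echo "WARN KPOW_SECURE_KEY key-stored-beside-ciphertext"
    elif [ "$has_aes" -eq 1 ] && [ "$key_file" -eq 0 ]; then
      # The key must then reach Kpow some other way (for example the runtime environment).
      echo "NOTE KPOW_SECURE_KEY no-key-or-key-location-in-this-file"
    fi
    [ "$fails" -eq 0 ]
  }
}

# Constructed sample input: placeholder values, not real keys or ciphertext.
sample_config() {
  cat <<'EOF'
# constructed sample, values are placeholders
KPOW_SECURE_KEY="constructed-master-key" \
ENVIRONMENT_NAME="UAT2 - Trading Book" \
SASL_JAAS_CONFIG="AES:constructed-cipher-text" \
SSL_KEYSTORE_PASSWORD=mykeystorepassword \
EXAMPLE_DB_PASSWORD="OBF:constructed-obfuscated-text" \
java -jar ./latest-kpow.jar
EOF
}

# Usage: sample_config | audit_config    or    audit_config < ./start-kpow.sh
```

The non-zero return on a `FAIL` finding lets the check gate a CI step.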

### OBF Obfuscation Steps

Follow these simple steps to obfuscate Kpow variables with the Jetty Password utility.

* [Download](#download-the-latest-kpow-jar) the latest Kpow JAR file
* [Obfuscate](#obfuscate-sensitive-variables) sensitive variables
* [Configure](#configure-obfuscated-variables) obfuscated variables

#### Download the latest Kpow JAR

The latest Kpow JAR artifact is always listed in our [CHANGELOG.md](https://github.com/factorhouse/kpow/blob/main/CHANGELOG.md#latest-release-artifacts) file.

#### Obfuscate sensitive variables

Keystore and key passwords are common variables that you may want to obfuscate.

```
SSL_KEYSTORE_PASSWORD=mykeystorepassword
```

Obfuscate the text 'mykeystorepassword' with Kpow and the Jetty Password utility:

```bash
java -cp ./kpow-2022-02-17.jar org.eclipse.jetty.util.security.Password mykeystorepassword
```

```bash
mykeystorepassword
OBF:1uh41zly1w8r1wml1zt11ym71v9u1x8e1vnw1vn61x8g1v8s1ym71zsp1wnl1w8z1zlk1ugm
MD5:14a6a8ceae8529e0ec1a1f5ecc09e8de
```

#### Configure obfuscated variables

Replace any sensitive plaintext variables with `OBF:obfuscated-text`.

```
SSL_KEYSTORE_PASSWORD=OBF:1uh41zly1w8r1wml1zt11ym71v9u1x8e1vnw1vn61x8g1v8s1ym71zsp1wnl1w8z1zlk1ugm
```

Kpow will now deobfuscate any OBF encoded variables with the Jetty Password utility.

## Using Kpow Secure Configuration in your Kafka Client Application

Kpow provides support for strong encryption of variables by integrating the open-source [Kpow-Secure](https://github.com/factorhouse/kpow-secure) library.

You can use the Kpow-Secure library to encrypt sensitive Kafka client configuration for your own client applications, then use the convenience of the Decoder API to convert encrypted payloads into `java.util.Properties` files.

Then `.putAll` decoded secure properties into any normal plaintext properties before starting any Kafka client.

### AES Encrypted Client Configuration

Kafka client configuration written to file in `java.util.Properties` format may look similar to:

```text
security.protocol: SASL_PLAINTEXT
sasl.mechanism: PLAIN
sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="kpow" password="kpow-secret";
ssl.truststore.location: /ssl/truststore.jks
ssl.truststore.password: 1234
```

Encrypt that payload with the following command, and a previously generated master key.

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --encrypt-file config.props
```

```bash
16:05:20.769 INFO [main] kpow.secure –

Kpow Encrypted:
---------------

ARDayIDNu0cOn4b5JkdkpwOj8OGJQ6c1nUirUvfpI6e0/zWvq85FOlR3Mpja4ubIT5QmfEO2oKTp8VTQlteH7iYtmps9rlm37Vz6SSUdSR8JZV274kRyf8DaTgGP5PzcLtjp65/vOCDw7Et9HyLMx2KcDf7T2Uhg4rdnny+1ZTa/QIxdaiOU+JcsjJvOV5giiaUFgya4fd6GyQZmY4Q4pIFo8bLuSU3DbWLS54MMnlGFxTSYgKLDT0LuFtTe0gKRVGT5aGX3tprO13x7DGimAOM+a7DHE2ynSKtg95fbhOzIKU92QG1XE3HVJSiwCqJnOghjL8TPIr0iA133h/Q08F058RdEZ/ln771wkAsNC9LKew==
```

### Encrypting Text Containing Special Characters

When encrypting text containing special characters you must either:

1. Quote input on the command line, or
2. Read input from file

In the examples below we will encrypt text consisting of 'Abc' followed by [every special character defined by OWASP](https://owasp.org/www-community/password-special-characters).

E.g.
```
Abc !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
```

#### Quote input on the command line

From the [Bash reference manual](http://www.gnu.org/software/bash/manual/bashref.html#Single-Quotes)

> Enclosing characters in single quotes (‘'’) preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash.

That means we can encrypt any text as long as it doesn't contain a single quote character like so:

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --encrypt 'Abc !"#$%&()*+,-./:;<=>?@[\]^_`{|}~'
```

```bash
17:55:52.641 INFO [main] kpow.secure –

Kpow Encrypted:
---------------

ARAkkFNT2v9NdR6VHI/vUPjBsm83UAQkIZliwo3ZMFQehhFTeuRALee13vlpIvrZkhV6rAWCag+utW6JVSBWS3iA
```

We can confirm that cipher text:

```
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --decrypt ARAkkFNT2v9NdR6VHI/vUPjBsm83UAQkIZliwo3ZMFQehhFTeuRALee13vlpIvrZkhV6rAWCag+utW6JVSBWS3iA
```

```bash
17:58:40.185 INFO [main] kpow.secure –

Kpow Decrypted:
---------------

Abc !"#$%&()*+,-./:;<=>?@[\]^_`{|}~
```

If your input contains single quote characters you will need to use the following method.

#### Read input from file

We can read input text from file, rather than providing it on the command line. This allows us to encrypt any file content, including text with single quotes among other special characters.
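
One way to create `input.txt` (or the `passphrase.txt` used when generating the master key) without the value ever appearing on a command line or in shell history, as an added example that is not part of the Kpow documentation. The function names `write_secret_file` and `secret_file_mode` are hypothetical.

```shell
#!/bin/sh
# write_secret_file PATH: read one line from stdin and store it in PATH,
# readable by the owner only. Nothing is passed as a command-line argument,
# so quoting rules and shell history never see the value.
write_secret_file() {
    [ -n "$1" ] || return 2
    out=$1
    (
        umask 077                          # new file is created with mode 0600
        if [ -t 0 ]; then
            trap 'stty echo' EXIT          # restore terminal echo when the subshell exits
            stty -echo                     # do not display the value while it is typed
            printf 'Secret: ' >&2
        fi
        # IFS= keeps leading/trailing spaces, -r keeps backslashes literal,
        # so every character in the OWASP list survives unchanged.
        IFS= read -r secret || true
        [ -n "$secret" ] || exit 1         # refuse to write an empty secret
        rm -f -- "$out"                    # drop any older file and its permissions
        printf '%s\n' "$secret" > "$out"   # trailing newline, as an editor such as vi leaves
    )
}

# secret_file_mode PATH: print the permission string, e.g. -rw-------
secret_file_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# Usage (interactive): write_secret_file input.txt
# then pass the file to Kpow with --encrypt-file as shown in this section.
```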

```bash
cat input.txt
```

```bash
Abc !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
```

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --encrypt-file input.txt
```

```bash
19:18:47.811 INFO [main] kpow.secure –

Kpow Encrypted:
---------------

ARAFs1tSWti39JfChTIbrHSqHm3qXcSON34zk00ULn4A3Itxk6MEh71U0mNreq4Iiz59incH3PEtLHQkOoqpSjJK
```

We can confirm that cipher text:

```bash
java -cp ./kpow-2022-02-17.jar kpow.secure --key-file passphrase.key --decrypt ARAFs1tSWti39JfChTIbrHSqHm3qXcSON34zk00ULn4A3Itxk6MEh71U0mNreq4Iiz59incH3PEtLHQkOoqpSjJK
```

```bash
19:19:38.012 INFO [main] kpow.secure –

Kpow Decrypted:
---------------

Abc !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
```

### Kpow Secure Java API for Decryption

Use the `io.kpow.secure.Decoder` to decode an encrypted payload with a master key and convert it to `java.util.Properties`.

```Java
// First argument: the master key; second argument: the encrypted payload.
Properties mySecureProps = Decoder.properties("//iQh9KYe7pM+mevjifZPrm7YE2+rRloG1E15zzjR88=", "ARAOGa3BAZ2TMxbU1aj+tFYfNHNwnRh3r/w2sG7FA4L7fVRzArpzrxAd2dUovyDfel++FHgW1IFrinZddTo+KiYFYm2rsn+ul65eQ1L5t9MsBq3LpuGjoFDSxkYFZweo/w0=");
```

Then merge those secure properties with your plaintext Kafka client properties.

```Java
Properties clientProps = new Properties(); // populate with your plaintext Kafka client properties
clientProps.putAll(mySecureProps);         // decoded entries replace plaintext entries with the same key
```