This Apache Druid module contains a simple implementation of SSLContext that will be injected to be used with HttpClient that Druid processes use internally to communicate with each other. To learn more about Java’s SSL support, please refer to this guide.

    PropertyDescriptionDefaultRequired
    druid.client.https.protocolSSL protocol to use.TLSv1.2no
    druid.client.https.trustStoreTypeThe type of the key store where trusted root certificates are stored.java.security.KeyStore.getDefaultType()no
    druid.client.https.trustStorePathThe file path or URL of the TLS/SSL Key store where trusted root certificates are stored.noneyes
    druid.client.https.trustStoreAlgorithmAlgorithm to be used by TrustManager to validate certificate chainsjavax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()no
    druid.client.https.trustStorePasswordThe Password Provider or String password for the Trust Store.noneyes

    The following table contains optional parameters for supporting client certificate authentication:

    PropertyDescriptionDefaultRequired
    druid.client.https.keyStorePathThe file path or URL of the TLS/SSL Key store containing the client certificate that Druid will use when communicating with other Druid services. If this is null, the other properties in this table are ignored.noneyes
    druid.client.https.keyStoreTypeThe type of the key store.noneyes
    druid.client.https.certAliasAlias of TLS client certificate in the keystore.noneyes
    druid.client.https.keyStorePasswordThe Password Provider or String password for the Key Store.noneno
    druid.client.https.keyManagerFactoryAlgorithmAlgorithm to use for creating KeyManager, more details here.javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()no
    druid.client.https.keyManagerPasswordThe Password Provider or String password for the Key Manager.noneno
    druid.client.https.validateHostnamesValidate the hostname of the server. This should not be disabled unless you are using custom TLS certificate checks and know that standard hostname validation is not needed.trueno

    This document lists all the possible values for the above mentioned configs among others provided by Java implementation.