mcp_kafka
Verified Safeby williajm
Overview
Provides AI assistants with safe, controlled access to Apache Kafka clusters using the Model Context Protocol (MCP).
Installation
uv run mcp-kafkaEnvironment Variables
- KAFKA_BOOTSTRAP_SERVERS
- KAFKA_SECURITY_PROTOCOL
- KAFKA_CLIENT_ID
- KAFKA_TIMEOUT
- KAFKA_SASL_MECHANISM
- KAFKA_SASL_USERNAME
- KAFKA_SASL_PASSWORD
- KAFKA_SASL_KERBEROS_SERVICE_NAME
- KAFKA_SASL_KERBEROS_KEYTAB
- KAFKA_SASL_KERBEROS_PRINCIPAL
- KAFKA_SSL_CA_LOCATION
- KAFKA_SSL_CERTIFICATE_LOCATION
- KAFKA_SSL_KEY_LOCATION
- KAFKA_SSL_KEY_PASSWORD
- SAFETY_ALLOW_WRITE_OPERATIONS
- SAFETY_MAX_CONSUME_MESSAGES
- SAFETY_MAX_MESSAGE_SIZE
- SAFETY_TOPIC_BLOCKLIST
- SAFETY_ALLOWED_TOOLS
- SAFETY_DENIED_TOOLS
- SECURITY_RATE_LIMIT_ENABLED
- SECURITY_RATE_LIMIT_RPM
- SECURITY_AUDIT_LOG_ENABLED
- SECURITY_AUDIT_LOG_FILE
- SECURITY_ALLOWED_CLIENT_IPS
- SECURITY_OAUTH_ENABLED
- SECURITY_OAUTH_ISSUER
- SECURITY_OAUTH_AUDIENCE
- SECURITY_OAUTH_JWKS_URL
- MCP_SERVER_NAME
- MCP_LOG_LEVEL
- MCP_LOG_FORMAT
- MCP_JSON_LOGGING
- MCP_DEBUG_MODE
- MCP_KAFKA_LOG_PATH
Security Notes
The server demonstrates a strong commitment to security. It implements 2-tier access control (READ/READ_WRITE), actively protects internal Kafka topics and consumer groups, and allows for custom topic blocklists. Message size limits and consume limits are enforced. For network transports, it offers optional OAuth/OIDC authentication with JWT validation, including critical SSRF protection for JWKS URLs (blocking private IPs and dangerous hostnames). Rate limiting is available to prevent abuse. Comprehensive audit logging, with sensitive data redaction and argument truncation, is included for compliance and monitoring. Warnings are logged for potentially insecure HTTP configurations (non-localhost binding without OAuth/TLS). Sensitive credentials (e.g., SASL passwords, SSL key passwords) are handled using `SecretStr` to prevent accidental logging.
Similar Servers
kafka-mcp-server
Enables LLM models and AI applications to interact with Apache Kafka for producing/consuming messages, managing topics, monitoring consumer groups, and assessing cluster health via the Model Context Protocol (MCP).
mcp-server-kibana
This server provides a Model Context Protocol (MCP) interface to Kibana, enabling natural language or programmatic access for managing saved objects, executing API requests, and querying server status, with multi-space and dual transport support.
kafka-schema-reg-mcp
A comprehensive Model Context Protocol (MCP) server that provides Claude Desktop and other MCP clients with tools for Kafka Schema Registry operations, including schema management, migration, and export.
lenses-mcp
This MCP server provides a programmatic interface for LLMs to interact with Lenses, a DataOps tool for Apache Kafka, allowing management of Kafka topics, consumer groups, connectors, and execution of Lenses SQL queries.