Change effective on 17 July 2017
Heroku needs to rotate the CA certificates involved in authentication from time to time, in order to keep services secure and up to date. A rotation of this sort is due for the Kafka clusters managed by Heroku.
KAFKA_TRUSTED_CERT environment variable used when connecting to an Apache Kafka cluster will start containing multiple PEM encoded certificates on July 31st, 2017. Starting two weeks after that, the week of August 14th, clusters will start undergoing Certificate Authority (CA) certificate rotation.
Please refer to our Dev Center documentation to understand how various client libraries should handle this.
Here is the full timeline:
KAFKA_TRUSTED_CERTconfig var. This is only a config var change, but is necessary to ensure that certificates can be rotated without a large potential impact to your application.
KAFKA_CLIENT_CERT_KEYconfig vars will receive updates, and the clusters will receive rolling broker restarts.
To best handle these changes, ensure that your application: