[Verse 1]
Data travels naked through the wire
Producers craft their payload armor
TLS wraps the transport layer tight
But messages need fortress stronger
Application-level shields emerge
Encrypt before the topic merge
[Chorus]
Lock it down from source to sink
End-to-end without a chink
Vault and KMS hold the keys
Certificate mysteries
Rotate, validate, comply
Encryption's how we fortify
[Verse 2]
HashiCorp Vault becomes the keeper
Secret engine serves the cipher
Dynamic secrets, leased and timed
Policy controls who gets assigned
AWS KMS in the cloud
Hardware security makes us proud
[Chorus]
Lock it down from source to sink
End-to-end without a chink
Vault and KMS hold the keys
Certificate mysteries
Rotate, validate, comply
Encryption's how we fortify
[Bridge]
Certificate lifecycle spins around
Issue, deploy, renew, then ground
Compliance reports track every move
Audit trails help us prove
PKCS twelve bundles up the store
Keystores guard what we adore
[Verse 3]
Consumer code decrypts the stream
Symmetric keys fulfill the scheme
Envelope method wraps it neat
Data encryption key complete
Key encryption key protects
Architecture interconnects
[Chorus]
Lock it down from source to sink
End-to-end without a chink
Vault and KMS hold the keys
Certificate mysteries
Rotate, validate, comply
Encryption's how we fortify
[Outro]
Trust stores validate the chain
Security without the strain
Strimzi makes Kafka secure
Enterprise grade, that's for sure