In the 4.5.0 release, the BookKeeper community added a number of features that can be used, together or separately, to secure a BookKeeper cluster.
The following security measures are currently supported:
Authentication of connections to bookies from clients, using either TLS or SASL (Kerberos).
Authentication of connections from clients, bookies, autorecovery daemons to ZooKeeper, when using zookeeper based ledger managers.
Encryption of data transferred between bookies and clients, between bookies and autorecovery daemons using TLS.
It’s worth noting that security is optional - non-secured clusters are supported, as well as a mix of authenticated, unauthenticated, encrypted and non-encrypted clients.
NOTE: currently authorization is not yet available in 4.5.0. The Apache BookKeeper community is looking for adding this feature in subsequent releases.