In this hands-on example we send end-to-end encrypted messages through Instaclustr.

Ockam encrypts messages from a Producer all-of-the-way to a specific Consumer. Only that specific Consumer can decrypt these messages. This guarantees that your data cannot be observed or tampered with as it passes through Instaclustr or the network where it is hosted. The operators of Instaclustr can only see encrypted data in the network and in service that they operate. Thus, a compromise of the operator's infrastructure will not compromise the data stream's security, privacy, or integrity.

To learn how end-to-end trust is established, please read: “How does Ockam work?


This example requires Bash, Git, jq, Curl, Docker, and Docker Compose. Please set up these tools for your operating system, then run the following commands:

# Clone the Ockam repo from Github.
git clone --depth 1 && cd ockam

# Navigate to this example’s directory.
cd examples/command/portals/kafka/instaclustr/docker/

# Run the example, use Ctrl-C to exit at any point.

If everything runs as expected, you'll see the message: The example run was successful 🥳


The script, that you ran above, and its accompanying files are full of comments and meant to be read. The example setup is only a few simple steps, so please take some time to read and explore.

This example requires Instaclustr Username and API key to create a kafka cluster to use for the example. You can create a trial account at


Instaclustr Operator

# Create a dedicated and isolated virtual network for instaclustr_operator.
    driver: bridge

Application Teams

# Create a dedicated and isolated virtual network for application_team.
      driver: bridge


We sent end-to-end encrypted messages through Instaclustr.

Messages are encrypted with strong forward secrecy as soon as they leave a Producer, and only the intended Consumer can decrypt those messages. Instaclustr and other Consumers can only see encrypted messages.

All communication is mutually authenticated and authorized. Keys and credentials are automatically rotated. Access can be easily revoked.


To delete all containers, images and instaclustr cluster:

./ cleanup

Last updated