Encryption sounds like the perfect solution for GDPR compliance in Kafka—until you actually have to implement it. Then reality kicks in: too many keys, too expensive, unusable BI, painful rotations, caching nightmares, performance degradation, backward compatibility headaches, and compression shenanigans.

And the worst part? These problems exist no matter which encryption mechanism you choose!

In this talk, we’ll go beyond the usual “just encrypt it” advice and dive into the real-world problems of managing encryption at scale.

We’ll explore:

Key explosion: How quickly you end up drowning in (costly) keys and what to do about it.
Algorithms: Which one to choose... and Why?
Rotation pain: Why key rotations break things and how to make them safer.
Caching trade-offs: Performance vs. security, and why getting it wrong is a disaster.
Data impact: How encryption affects retention, compaction, and Kafka’s internals.
Backward compatibility hell: Why decrypting old messages isn’t as easy as you think.
Compression nightmares: How encryption wrecks compression, bloats storage, and kills throughput.

This session is for engineers, architects, and decision-makers who want to make encryption work in Kafka—without wrecking performance, reliability, or maintainability.

If you thought encryption was a silver bullet, this talk will show you why it’s just the beginning of the challenge.