Amazon MSK now supports SASL/SCRAM authentication with usernames and passwords secured by AWS Secrets Manager
Amazon Managed Streaming for Apache Kafka (Amazon MSK) can now authenticate Apache Kafka clients using usernames and passwords for new clusters, secured by AWS Secrets Manager. Username and password authentication uses SASL/SCRAM (Simple Authentication and Security Layer/Salted Challenge Response Authentication Mechanism), a popular authentication mechanism supported by Apache Kafka. By storing credentials in AWS Secrets Manager, you can reduce the overhead of maintaining a traditional Apache Kafka authentication system, including: auditing, updating, and rotating client credentials. You can also centrally and securely manage credentials for multiple clusters directly from the AWS Management console. SASL/SCRAM authentication can be used in all AWS regions where MSK is available.
Source:: Amazon AWS