Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Connecting to a namespace

Written by
Updated at February 5, 2025

To connect to a namespace, use cURL or Debezium.

Before connecting to a namespace, create a service account and assign it the relevant roles.

  1. Install the certificate:

    sudo mkdir --parents /usr/local/share/ca-certificates/Yandex && \
sudo wget "https://crls.yandex.net/YandexInternalCA.crt" \
   --output-document /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
sudo chmod 655 /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
sudo update-ca-certificates

  2. Create an API key with a limited scope and place it in the SECRET local variable:

    yc iam api-key create --folder-id <folder_ID> \
  --service-account-name <name_of_service_account_for_operations_with_Schema_Registry> \
  --scope yc.schema-registry.schemas.manage \
  --expires-at '2030-01-01T00:00:00Z' >./api-key.yaml && \
SECRET=`cat ./api-key.yaml | grep 'secret:' | awk '{print $2}'`

    If using a key with a limited scope, you can set any TTL you need.

  3. Connect to the namespace:

    curl -X GET "https://<namespace_ID>.schema-registry.yandexcloud.net:443/subjects" \
   -H "accept: application/json" --user 'api-key:'$SECRET

  1. Install the certificate:

    sudo mkdir ./cert && \
sudo wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" --output-document ./cert/CA.pem && \
sudo openssl x509 -outform der -in ./cert/CA.pem -out ./cert/CA.der && \
sudo keytool -importcert -noprompt -alias ca -file ./cert/CA.der -keystore ./cert/CA.p12 -storepass STOREPASSW0RD

  2. Download an up-to-date Debezium connector and unpack it to the /etc/debezium/plugins/ directory.

  3. Create an API key with a limited scope and place it in the SECRET local variable:

    yc iam api-key create --folder-id <folder_ID> \
  --service-account-name <name_of_service_account_for_operations_with_Schema_Registry> \
  --scope yc.schema-registry.schemas.manage \
  --expires-at '2030-01-01T00:00:00Z' >./api-key.yaml && \
SECRET=`cat ./api-key.yaml | grep 'secret:' | awk '{print $2}'`

    If using a key with a limited scope, you can set any TTL you need.

  4. Add the following parameters to the Debezium connector configuration file:

    "ssl.truststore.location": "/cert/CA.p12",
"ssl.truststore.type": "PKCS12",
"ssl.truststore.password": "STOREPASSW0RD",
"value.converter": "io.confluent.connect.json.JsonSchemaConverter",
"value.converter.schema.registry.url": "https://<namespace_ID>.schema-registry.yandexcloud.net:443",
"value.converter.basic.auth.credentials.source": "USER_INFO",
"value.converter.basic.auth.user.info": "api-key:%SECRET%"

  5. To connect to the namespace, run Debezium.

Previous
Editing a namespace
Next
Deleting a namespace