From 027c66d47f25ecb7ab481ed9b25c321b15e2d229 Mon Sep 17 00:00:00 2001
From: Victoria Xia <victoria.xia@confluent.io>
Date: Mon, 21 Mar 2022 13:28:35 -0700
Subject: [PATCH] docs: add note about prefixed kafka SSL configs (#8910)

---
 .../installation/server-config/security.md             | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/operate-and-deploy/installation/server-config/security.md b/docs/operate-and-deploy/installation/server-config/security.md
index 6241bf314eb9..37a051d06be5 100644
--- a/docs/operate-and-deploy/installation/server-config/security.md
+++ b/docs/operate-and-deploy/installation/server-config/security.md
@@ -605,6 +605,16 @@ details, and instructions on how to create suitable trust stores, please
 refer to the
 [Security Guide](https://docs.confluent.io/current/security/index.html).
 
+To use separate trust stores for encrypted communication with {{ site.ak }}
+and external communication with ksqlDB clients, prefix the SSL truststore configs
+with `ksql.streams.`:
+
+```properties
+security.protocol=SSL
+ksql.streams.ssl.truststore.location=/etc/kafka/secrets/kafka.client.truststore.jks
+ksql.streams.ssl.truststore.password=confluent
+```
+
 ### Configure Kafka Authentication
 
 This configuration enables ksqlDB to connect to a secure Kafka cluster