diff --git a/config/settings.yml b/config/settings.yml
index b3bfa0fa108..bdaf678fd14 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -649,7 +649,9 @@ kafka_producer:
   aws_region: "us-gov-west-1"
   aws_role_arn: <%= ENV['kafka_producer__aws_role_arn'] %>
   broker_urls: <%= ENV['kafka_producer__broker_urls'] %>
+  sasl_mechanisms: 'OAUTHBEARER'
   schema_registry_url: <%= ENV['kafka_proudcer__schema_registry_url'] %>
+  security_protocol: 'sasl_ssl'
 kms_key_id: <%= ENV['kms_key_id'] %>
 lgy:
   api_key: <%= ENV['lgy__api_key'] %>
diff --git a/config/settings/development.yml b/config/settings/development.yml
index 5b975cda211..90b65f97ddf 100644
--- a/config/settings/development.yml
+++ b/config/settings/development.yml
@@ -649,7 +649,9 @@ kafka_producer:
   aws_region: "us-gov-west-1"
   aws_role_arn: "arn:aws:iam::123456789012:role/role-name" # this is an example
   broker_urls: ["localhost:19092"] # for local Kafka cluster in Docker
+  sasl_mechanisms: 'GSSAPI'
   schema_registry_url: "http://localhost:8081" # for local Schema Registry in Docker
+  security_protocol: 'plaintext'
 kms_key_id: ~
 lgy:
   api_key: ~
diff --git a/config/settings/test.yml b/config/settings/test.yml
index d8c9791358a..5a4cd2fbfc5 100644
--- a/config/settings/test.yml
+++ b/config/settings/test.yml
@@ -643,7 +643,9 @@ kafka_producer:
   aws_region: "us-gov-west-1"
   aws_role_arn: 'arn:aws:iam::123456789012:role/role-name' # this is an example
   broker_urls: ['localhost:19092'] # for local Kafka cluster in Docker
-  schema_registry_url: 'http://localhost:8081' # for local Schema Registry in Docker
+  sasl_mechanisms: 'GSSAPI'
+  schema_registry_url: "http://localhost:8081" # for local Schema Registry in Docker
+  security_protocol: 'plaintext'
 kms_key_id: ~
 lgy:
   api_key: fake_api_key
diff --git a/lib/kafka/producer_manager.rb b/lib/kafka/producer_manager.rb
index de6ed7fc4b0..ccaf1e173d6 100644
--- a/lib/kafka/producer_manager.rb
+++ b/lib/kafka/producer_manager.rb
@@ -22,7 +22,9 @@ def setup_producer
         config.kafka = {
           'bootstrap.servers': Settings.kafka_producer.broker_urls.join(','),
           'request.required.acks': 1,
-          'message.timeout.ms': 100
+          'message.timeout.ms': 100,
+          'security.protocol': Settings.kafka_producer.security_protocol,
+          'sasl.mechanisms': Settings.kafka_producer.sasl_mechanisms
         }
         config.logger = Rails.logger
         config.client_class = if Rails.env.test?