Skip to content

Confluent API Key

Service Name: Confluent Cloud

Service Description: Confluent Cloud is a fully managed, cloud-native service for Apache Kafka that enables organizations to build and run mission-critical real-time applications and data pipelines on a scalable, resilient, and secure platform.

Service Address: https://confluent.cloud/

Validation Type: API Auth

IP Allow list: IP filtering is available at the cluster level through network access control lists (ACLs).

Secret Access Scope: Grants programmatic access to Confluent Cloud resources including Kafka clusters, Schema Registry, ksqlDB, and other Confluent services.

Secret Revokement URL: https://docs.confluent.io/cloud/current/access-management/identity/api-keys/api-keys.html#delete-an-api-key

Secret Example: ABCDEFGHIJKLMNOPQRST1234567890ABCDEFGHIJKLMNOPQRST

Suspicious Activity Investigation Instructions:

  • Review Confluent Cloud audit logs for unusual API calls or resource access.
  • Check for unexpected changes to Kafka topics, consumer groups, or schemas.
  • Monitor for unusual traffic patterns or data throughput in your Kafka clusters.
  • Verify if there are any unauthorized service accounts or API keys created.
  • Examine any changes to ACLs or permission settings.

Mitigation Instructions:

  • Log in to the Confluent Cloud Console.
  • Navigate to the "API keys" section under "Data Integration".
  • Locate the compromised API key.

  • Click on the three dots menu next to the key and select "Delete".

  • Confirm the deletion.
  • Create a new API key with appropriate permissions if needed.
  • Update all applications and services that were using the old key.
  • Review and update your security policies to prevent future exposures.