Confluent API Key
Service Name: Confluent Cloud
Service Description: Confluent Cloud is a fully managed, cloud-native service for Apache Kafka that enables organizations to build and run mission-critical real-time applications and data pipelines on a scalable, resilient, and secure platform.
Service Address: https://confluent.cloud/
Validation Type: API Auth
IP Allow list: IP filtering is available at the cluster level through network access control lists (ACLs).
Secret Access Scope: Grants programmatic access to Confluent Cloud resources including Kafka clusters, Schema Registry, ksqlDB, and other Confluent services.
Secret Revokement URL: https://docs.confluent.io/cloud/current/access-management/identity/api-keys/api-keys.html#delete-an-api-key
Secret Example: ABCDEFGHIJKLMNOPQRST1234567890ABCDEFGHIJKLMNOPQRST
Suspicious Activity Investigation Instructions:
- Review Confluent Cloud audit logs for unusual API calls or resource access.
- Check for unexpected changes to Kafka topics, consumer groups, or schemas.
- Monitor for unusual traffic patterns or data throughput in your Kafka clusters.
- Verify if there are any unauthorized service accounts or API keys created.
- Examine any changes to ACLs or permission settings.
Mitigation Instructions:
- Log in to the Confluent Cloud Console.
- Navigate to the "API keys" section under "Data Integration".
-
Locate the compromised API key.
-
Click on the three dots menu next to the key and select "Delete".
- Confirm the deletion.
- Create a new API key with appropriate permissions if needed.
- Update all applications and services that were using the old key.
- Review and update your security policies to prevent future exposures.