Skip to content

Confluent API Secret

Service Name: Confluent Cloud

Service Description: Confluent Cloud is a fully managed, cloud-native service for Apache Kafka that enables organizations to build real-time event streaming applications without the operational burden of managing Kafka infrastructure.

Service Address: https://confluent.cloud/

Validation Type: API Auth

IP Allow list: IP filtering is available at the cluster level through network access control lists (ACLs).

Secret Access Scope: Grants programmatic access to Confluent Cloud resources including Kafka clusters, Schema Registry, ksqlDB applications, and Confluent Cloud API endpoints.

Secret Revokement URL: https://docs.confluent.io/cloud/current/access-management/api-keys/api-keys.html#delete-an-api-key

Secret Example: ABCDEFGHIJKLMNOPQRST1234567890abcdefghijklmnopqrst

Suspicious Activity Investigation Instructions:

  • Review Confluent Cloud audit logs for unusual API calls or resource access
  • Check for unexpected topic creation, deletion, or configuration changes
  • Monitor for unusual data throughput or consumer group activity
  • Verify if the API key was used from unexpected geographic locations
  • Examine Schema Registry for unauthorized schema changes
  • Check for unauthorized connector configurations or changes

Mitigation Instructions:

  • Log in to the Confluent Cloud Console

  • Navigate to the "API keys" section in the environment where the key was

created

  • Locate the compromised API key in the list
  • Click the three-dot menu next to the key and select "Delete"
  • Confirm the deletion when prompted
  • Create a new API key with appropriate permissions if needed
  • Update all applications and services that were using the old key
  • Review and tighten the scope of permissions for the new API key
  • Consider implementing IP-based restrictions for the new API key
  • Enable audit logging if not already enabled to monitor future activity