Confluent API Secret
Service Name: Confluent Cloud
Service Description: Confluent Cloud is a fully managed, cloud-native service for Apache Kafka that enables organizations to build real-time event streaming applications without the operational burden of managing Kafka infrastructure.
Service Address: https://confluent.cloud/
Validation Type: API Auth
IP Allow list: IP filtering is available at the cluster level through network access control lists (ACLs).
Secret Access Scope: Grants programmatic access to Confluent Cloud resources including Kafka clusters, Schema Registry, ksqlDB applications, and Confluent Cloud API endpoints.
Secret Revokement URL: https://docs.confluent.io/cloud/current/access-management/api-keys/api-keys.html#delete-an-api-key
Secret Example: ABCDEFGHIJKLMNOPQRST1234567890abcdefghijklmnopqrst
Suspicious Activity Investigation Instructions:
- Review Confluent Cloud audit logs for unusual API calls or resource access
- Check for unexpected topic creation, deletion, or configuration changes
- Monitor for unusual data throughput or consumer group activity
- Verify if the API key was used from unexpected geographic locations
- Examine Schema Registry for unauthorized schema changes
- Check for unauthorized connector configurations or changes
Mitigation Instructions:
-
Log in to the Confluent Cloud Console
-
Navigate to the "API keys" section in the environment where the key was
created
- Locate the compromised API key in the list
- Click the three-dot menu next to the key and select "Delete"
- Confirm the deletion when prompted
- Create a new API key with appropriate permissions if needed
- Update all applications and services that were using the old key
- Review and tighten the scope of permissions for the new API key
- Consider implementing IP-based restrictions for the new API key
- Enable audit logging if not already enabled to monitor future activity