Restrict Access to Confluent Cloud

User accounts in Confluent Cloud have superuser admin privileges by default. To provide restricted access to your cluster you can distribute API keys using the Kafka command-line tools.

  • Confluent Platform is installed on the same local machine as the Confluent Cloud CLI.
  1. Create a properties file with the following contents, including and API key (api-key) and secret (<api-secret>) pair, and bootstrap servers (<broker-endpoint1>) and save as A superuser can provide an API key/secret pair.

    bootstrap.servers=<broker-endpoint1, broker-endpoint2, broker-endpoint3> required
      password="<api-secret>" \
  2. Run your kafka- tools with the specified. For example:

    • kafka-topics

      kafka-topics --create --bootstrap-server <broker-endpoint> --replication-factor 3 \
      --partitions 1 --topic my-topic --command-config
    • kafka-console-producer

      kafka-console-producer --topic my-topic --producer.config \
      --broker-list <broker-endpoint>
    • kafka-console-consumer

      kafka-console-consumer --topic my-topic --consumer.config \
      --bootstrap-server <broker-endpoint> --from-beginning