Use the Confluent CLI with multiple credentials

You can provide restricted access to Confluent Cloud resources using the Confluent CLI by using the confluent context create command. This command allows you to authenticate with Confluent Cloud using a Kafka API key and secret pair instead of a user account. When you connect to a cluster using this command, you are limited to produce and consume. Topic management is not supported.

Each authentication instance that you create is saved.

  1. Create and sign in to your environment by using the confluent context create command, where <context-name> is your environment name. This requires a Kafka API key and the bootstrap server URL of the Confluent Cloud environment.

    The context-name here is basically the combination of a user and a server. For example, each of the following can be considered a different context:

    • Jane <> https://localhost:8090
    • David <> https://localhost:8090
    • David <> https://test-env:8090

    Changing contexts is useful when you must switch back and forth between multiple CLI users, such as a super user and some other user with limited capabilities as defined by their RBAC role.

    There are two Confluent CLI commands available to configure context:

    • To select and configure an already-existing context, use the confluent context use command.
    • To create a new context, use the confluent context create command when logging in to the Confluent CLI, as shown below. You must use a Kafka API key and secret for produce and/or consume (rather than your Confluent Cloud user credentials).
    confluent context create <context-name> --bootstrap <kafka-cluster-url> --api-key <api-key> --api-secret <secret>
  2. You can now produce or consume to your Confluent Cloud environment. For more information, see confluent kafka topic consume.