The following Confluent Cloud CLI example shows how to create a Confluent Cloud
cluster that uses a self-managed encryption key. Any content in brackets (
<>) must be customized for your environment.
ccloud kafka cluster create <cluster-name> --cloud "gcp" --region "<KMS-region>" --type "dedicated" --encryption-key "<GCP-key-resource-namespace>"
Create a role with these permissions, add the identity as a member of your key, and grant your role to the member.
Please confirm you've authorized the key for this account: <service-account> (y/n):y