Revoke Access to Data at Rest for Dedicated Kafka Clusters with Self-managed Encryption Keys¶
Self-managed encryption keys used with Dedicated clusters on Confluent Cloud require access by Confluent to operate properly. You have full control over the encryption key and can revoke access to the key at any time. When you revoke access to the encryption key, Confluent has no access your data.
Only revoke access if you have a major security concern and need to completely remove Confluent access to your data.
When you disable, or revoke, access to the encryption key for a cluster, the cluster immediately stops working, even if not shown immediately in the Confluent Cloud Console. After you revoke the key, the cluster is unavailable.
Step 1: Delete your Confluent Cloud cluster¶
Step 2: Revoke access to the master key¶
Follow the instructions for your cloud service provider to revoke access to the master key.
Go to Azure Key Vault in your Azure Portal at https://portal.azure.com/ and delete the service principal associated with the key.