Revoke Access to Data at Rest for Dedicated Kafka Clusters on Confluent Cloud

Self-managed encryption keys used with Dedicated clusters on Confluent Cloud require access by Confluent to operate properly. You have full control over the encryption key and can revoke access to the key at any time. When you revoke access to the encryption key, Confluent has no access your data.


Only revoke access if you have a major security concern and need to completely remove Confluent access to your data.

When you disable, or revoke, access to the encryption key for a cluster, the cluster immediately stops working, even if not shown immediately in the Confluent Cloud Console. After you revoke the key, the cluster is unavailable.

Step 1: Delete your Confluent Cloud cluster

  1. In your Confluent Cloud environment, stop all clients (producers and consumers) connected to your Confluent Cloud Kafka cluster.
  2. Go the Confluent Cloud Console at and delete your cluster.

Step 2: Revoke access to the master key

Follow the instructions for your cloud service provider to revoke access to the master key.