Revoke Access to Data at Rest for Dedicated Kafka Clusters with Self-managed Encryption Keys¶
Self-managed encryption keys used with Dedicated clusters on Confluent Cloud require access by Confluent to operate properly. You have full control over the encryption key and can revoke access to the key at any time. When you revoke access to the encryption key, Confluent has no access your data.
Warning
Only revoke access if you have a major security concern and need to completely remove Confluent access to your data.
When you disable, or revoke, access to the encryption key for a cluster, the cluster immediately stops working, even if not shown immediately in the Confluent Cloud Console. After you revoke the key, the cluster is unavailable.
Step 1: Delete your Confluent Cloud cluster¶
- In your Confluent Cloud environment, stop all clients (producers and consumers) connected to your Confluent Cloud Kafka cluster.
- Go the Confluent Cloud Console at https://confluent.cloud/login and delete your cluster.
Step 2: Revoke access to the master key¶
Follow the instructions for your cloud service provider to revoke access to the master key.
Go to the AWS KMS console at console.aws.amazon.com/kms/home and disable access to the master key.
Related content
Go to Azure Key Vault in your Azure Portal at https://portal.azure.com/ and delete the service principal associated with the key.
Related content
Go to the Key Management page in the Google Cloud console at https://console.cloud.google.com/security/kms/ and disable access to the master key.
Related content