Generate an API Key for Access in Confluent Cloud for Apache Flink

To manage Flink workloads programmatically in Confluent Cloud for Apache Flink®️, you need an API key that’s specific to Flink. You can use the Confluent CLI, the Confluent Cloud APIs, the Confluent Terraform Provider, or the Cloud Console to create API keys.

Before you create an API key for Flink access, decide whether you want to create long-running statements. If you need long-running statements, you should use a service account and create an API key for it. If you only need to run interactive queries or run statements for a short time while developing queries, you can create an API key for your user account.

A Flink API key is scoped to an environment and region pair, for example, env-abc123.aws.us-east-2. The key enables creating, reading, updating, and deleting Flink SQL statements.

To create an API key for Flink access by using the Confluent Cloud APIs or the Confluent Terraform Provider, you must first create a Cloud API key. This step is done automatically if you use the Confluent CLI to create an API key for Flink access.

Create a service account (optional)

If you need to create long-running Flink SQL statements, create a service account principal before you create a Flink API key.

  1. Create a service account by using the Cloud Console or the CLI.

  2. Assign the OrganizationAdmin role to the service account by following the steps in Add a role binding to a principal.

  3. Store the service account ID in a convenient location, for example, in an environment variable:

    export PRINCIPAL_ID="<service-account-id>"
    

Generate an API Key

You can use the Confluent Cloud APIs, the Confluent Terraform Provider, the Confluent CLI, or the Cloud Console to create an API key for Flink access.

You can use the Cloud Console to generate an API key for Flink access.

  1. Log in to the Confluent Cloud Console and navigate to the environment that hosts your data and compute pools.

  2. Click Flink and in the Flink overview page, click API keys.

  3. Click Add API Key to open the Create API key page.

  4. Select either the My acccess tile to create an API key for your user account or the Granular access tile to create an API key for a service account.

    For production Flink deployments, select the Granular access option, and click either Existing account or New account to assign the service account principal.

  5. Click Next to open the Resource scope page.

  6. Select the cloud provider and region for the API key. Ensure that you choose the same provider and region where your data and compute pools are located.

  7. Click Next to open the API key detail page.

  8. Enter a name and a description for the new API key. This step is optional.

  9. Click Create API key. The API key download page opens.

  10. Click Download API key and save the key to a secure location on your local machine.

  11. Click Complete.


When your API key and secret are generated, save them in environment variables for later use.

export FLINK_API_KEY="<flink-api-key>"
export FLINK_API_SECRET="<flink-api-secret>"

You can manage the API key by using the Confluent CLI commands. For more information, see confluent api-key . Also, you can use the REST API and Cloud Console.