Revoke Access to Data at Rest for Dedicated and Enterprise Kafka Clusters on Confluent Cloud
Self-managed encryption keys used with Dedicated and Enterprise clusters on Confluent Cloud require access by Confluent to operate properly. You have full control over the encryption key and can revoke access to the key at any time. When you revoke access to the encryption key, Confluent has no access to your data.
Warning
Only revoke access if you have a major security concern and need to completely remove Confluent access to your data.
When you disable, or revoke, access to the encryption key for a cluster, the cluster eventually stops. During this period, Confluent cannot guarantee SLA or data integrity.
If you are using Tableflow with Confluent Managed Storage, revoking access to the encryption key makes your Tableflow data inaccessible.
Step 1: Delete your Confluent Cloud cluster
- In your Confluent Cloud environment, stop all clients (producers and consumers) connected to your Confluent Cloud Kafka cluster.
- If you are using Tableflow with Confluent Managed Storage, note that disabling Tableflow-enabled topics before revoking access prevents data access but does not delete the stored Tableflow data.
- Go to the Confluent Cloud Console at https://confluent.cloud/login and delete your cluster.
Step 2: Revoke access to the master key
Follow the instructions for your cloud service provider to revoke access to the master key.
Go to the AWS KMS console at console.aws.amazon.com/kms/home and disable access to the master key.
Go to Azure Key Vault in your Azure Portal at https://portal.azure.com/ and delete the service principal associated with the key.
Go to the Key Management page in the Google Cloud console at https://console.cloud.google.com/security/kms/ and disable access to the master key.