Confluent Documentation

confluent byok create¶

Description¶

Bring your own key to Confluent Cloud for data at rest encryption.

confluent byok create <key> [flags]

Flags¶

    --key-vault string   The ID of the Azure Key Vault where the key is stored.
    --tenant string      The ID of the Azure Active Directory tenant that the key vault belongs to.
-o, --output string      Specify the output format as "human", "json", or "yaml". (default "human")

Global Flags¶

-h, --help            Show help for this command.
    --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which might contain plaintext secrets.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

Examples¶

Register a new self-managed encryption key for AWS:

confluent byok create "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

Register a new self-managed encryption key for Azure:

confluent byok create "https://vault-name.vault.azure.net/keys/key-name" --tenant "00000000-0000-0000-0000-000000000000" --key-vault "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup-name/providers/Microsoft.KeyVault/vaults/vault-name"

Register a new self-managed encryption key for GCP:

confluent byok create "projects/exampleproject/locations/us-central1/keyRings/testkeyring/cryptoKeys/testbyokkey/cryptoKeyVersions/3"

See Also¶

confluent byok - Manage your keys in Confluent Cloud.