Confluent Keys

Bridgecrew Policy ID: BC_GIT_32
Chekov Check ID: CKV_SECRET_32
Severity: LOW

Confluent Keys

Description

API keys for Confluent Cloud can be created with user and service accounts. A service account is intended to provide an identity for an application or service that needs to perform programmatic operations within Confluent Cloud. When moving to production, ensure that only service account API keys are used. Avoid user account API keys, except for development and testing. If a user leaves and a user account is deleted, all API keys created with that user account are deleted and might break applications.

Fix - Buildtime

Confluent Cloud

  1. From the appropriate API Access tab for the Kafka, Schema Registry, or ksqlDB resource, select the key that you want to delete.
  2. Click the trash icon. The Confirm API key deletion dialog appears.
  3. Click Confirm.