V2 detector needed for new Confluent Cloud secret pattern #4490

@ap00rv

Description

Confluent recently released a new pattern for all types of API keys (control plane and data plane). The new API keys include a cflt prefix and a CRC32 checksum at the end, and hence can be easily verified without any HTTP API calls.

Preferred Solution

We need to create a new detector for the changed secret pattern.
New API keys only contain A-Z and 0-9, so we will account for this in the V2 detector.

Additional Context

The V1 detector for Confluent relied on an API call that is only accessible to the OrgAdmin user. This API call only listed Confluent Cloud control plane API keys and omitted resource-scoped data plane API keys. Thus, the V1 detector verification was flawed. However, I don't think there is any way to improve the V1 verification, because we cannot distinguish between control plane and data plane API keys based on the key or secret, and we cannot make data plane resource API calls without knowing the resource names.
