How to rotate confluent cloud keys API keys through terraform of keys are deleted manually

Question

I had created confluent cloud keys trough terraform. While working on some of the ACL on confluent I encountered a key expiration issue. then, I manually deleted the key from confluent cloud. After that, my ACL are not working. Any suggestion to how to fix it ?

Edit to add more details as people could not understand the problem. This is more of a confluent problem than it is of terraform.

ERROR

Error: error reading Kafka ACLs: 401 Unauthorized: Unauthorized
│ 
│   with confluent_kafka_acl.app-connector-read-on-target-topic[46],
│   on sink.tf line 158, in resource "confluent_kafka_acl" "app-connector-read-on-target-topic":
│  158: resource "confluent_kafka_acl" "app-connector-read-on-target-topic" {

Confluent documentation below also highlights the

https://registry.terraform.io/providers/confluentinc/confluent/latest/docs/resources/confluent_kafka_acl

"You must set the cloud_api_key and cloud_api_secret provider arguments temporarily when you interact with the confluent_kafka_acl resource, because of some implementation details, otherwise you will see Error: 401 Unauthorized error."

Answer 1

You can replace the key resource with terraform apply -replace="confluent_api_key.example"

This should then also update all dependent resources. Therefore, I think it's not necessary to do anything else to get it working again after your manual deletion.

Answer 2

Following things helped me to resolve the issues

• remove the ACL and related resources from terraform state https://developer.hashicorp.com/terraform/cli/commands/state/rm
• Create a new terraform stack for Sink creation ( let us call it stack2) and other stuff to separate out core cluster creation, Keys creation, environments etc ( let us call it stack 1)
• Use the output of terraform state from stack 1 the main core terraform stack for environment id, Keys and secrets, clusters , endpoint etc