Kafka governance shouldn’t feel like a maze. This release simplifies access management, policy migration, and rule enforcement, reducing the usual overhead.

With native support for Confluent Cloud RBAC, you can manage access the way your platform does. Policy migrations help you move forward without having to rewrite everything. And in Trust, rules now clearly highlight where they fail and explain violations in plain language, allowing teams to resolve issues more quickly.

The result: governance that’s clear, actionable, and built to scale with your organization.

Scale: Stronger Self-Service, Smoother Transitions

Confluent Cloud RBAC, Now Self-Served

Managing access on Confluent Cloud just got easier.
With support for Confluent Cloud RBAC, Scale can now automatically create RBAC role bindings instead of Kafka ACLs for your application instances. That means:

• No more manual role assignments.

• Permissions are instantly reflected as native RBAC bindings in Confluent Cloud.

• Full visibility into role bindings right from the service account screen.

The outcome: faster onboarding, less admin overhead, and governance that feels built-in to Confluent Cloud.

Topic Policy Migration Made Simple

Out with the old, in with the reliable.
You can now migrate legacy topic policies to modern resource policies in just a few clicks. Migration automatically creates new policies (with descriptions of where they came from), and they’re defined in CEL for more flexibility.

The outcome: a smoother transition to stronger, future-proof policy enforcement—without rewriting everything by hand.

Trust: Rules That Are Clearer and More Helpful

Validate Rules With Real Data, Instantly

When data quality rules fail, your teams shouldn't need to play detective. We've improved rule testing so errors are now highlighted directly in the editor, with detailed messages that show the error path and reason. Hover over the icon, and you'll see exactly what went wrong.

The outcome: fewer confusing errors, faster debugging, and higher confidence in every rule you ship. Reduce back-and-forth between platform and application teams when rules fail.

Custom Violation Messages for More Context

Not all rule violations are equal. Now, you can attach custom violation messages to your rules, so when a message fails, the feedback tells users why in plain language. Multiple rules? You’ll see multiple messages, each with the right context.

Example: Instead of "Schema validation failed," your message can say "This event is missing the required user_id field. See the schema guidelines at [internal wiki link]."

The outcome: less guesswork for teams, quicker resolution, and policies that explain themselves.

Shield: Smarter Encryption Error Handling

Governance isn’t just about who can access data; it’s about making the system’s behavior predictable and transparent when things go wrong. This release brings new Shield enhancements that provide stronger security defaults and tighter KMS integrations to ensure your encryption operates reliably.

Improved Decryption Failure Handling

Not all decryption errors are the same, and now, they’re treated that way.

• Retryable errors (like a temporary KMS or Schema Registry outage) can be throttled rather than failing fast. Your consumers won't crash during transient infrastructure issues.

• Fatal errors (like misconfiguration) are flagged clearly, so they don’t get lost in retries. Platform teams know immediately when configuration needs fixing.

• Key not found errors (like deliberate crypto-shredding) are surfaced explicitly, so you know when data is permanently inaccessible. Distinguish between "recoverable" and "data is gone" scenarios.

The outcome: Less time diagnosing "why did this consumer fail?" and more predictable error handling for security-sensitive data flows.

Exchange: Straight-forward access to CA Certificates

Partner Zones enable you to share data with your partners securely. Previously, platform teams had to navigate multiple screens to gather connection details. Now, you can download the CA certificate directly from the Partner Zone page - everything your partners need in one place.

Outcome

Your platform team can get everything they need to enable your partners to access data, with the minimum of fuss.

Conclusion

This release is all about demystifying Kafka governance. Whether it’s self-service RBAC that mirrors your Confluent Cloud deployment, rules that show precisely where and why they fail, or Gateways that distinguish between different types of errors, Conduktor is making governance clearer, safer, and easier to operate at scale.

Ready to see it in action? 

• Current Scale customers: Log in to explore the new RBAC and migration features.

• Interested in Conduktor Trust for data quality observability? Book a demo to see custom violation messages in action.

For a complete list of what’s included in this month’s release, you can read the release notes.