Redpanda recommends that you always configure encryption, authentication, and authorization for production environments.

    All concepts described in this section are compatible with Kafka and its client libraries and CLIs. This section does not cover ways you can protect your Redpanda cluster externally; for example, through network ACLs or private networks.
  • Configuring Encryption

    You can encrypt data with TLS or mTLS.

  • Configuring Authentication

    Redpanda supports multiple forms of authentication including SASL/SCRAM, basic authentication, and mTLS with principal mapping.

  • Configuring Authorization

    ACLs are the main mechanism supported by Redpanda to manage user permissions.

  • IAM Roles

    For self-hosted clusters deployed on a public cloud platform, cloud provider IAM roles provide a safer alternative to the less secure static credential system, which is based on access keys.

  • Security on Kubernetes