Redpanda recommends that you always configure encryption, authentication, and authorization for production environments.

    All concepts described in this section are compatible with Kafka and its client libraries and CLIs. This section does not cover ways you can protect your Redpanda cluster externally; for example, through network ACLs or private networks.
  • Configure Authentication

    Enable and configure authentication. Different components of Redpanda support different authentication methods.

  • Configure Authorization

    Configure access-control lists (ACLs) to enable fine-grained access to provisioned users.

  • Configure Kafka TLS Encryption

    A security best practice is to enable encryption with TLS or mTLS.

  • Configure Listeners

    Use listeners to advertise the location of the broker, so other brokers in the cluster can be found.

  • Redpanda Console Security

    See security topics specific to Redpanda Console.

  • IAM Roles

    For self-hosted clusters deployed on a public cloud platform, cloud provider IAM roles provide a safer alternative to the less secure static credential system, which is based on access keys.