Docs Self-Managed Deploy Cloud Security Authentication Authentication Redpanda Cloud ensures the highest level of authentication for both users and services. User authentication Redpanda Cloud authenticates users directly using their email and password. Passwords are hashed (a one-way function that makes the original value unrecoverable, and effectively encrypted) and salted at rest using bcrypt. Service authentication Each Redpanda Cloud data plane runs its own dedicated agent, which authenticates and connects against the control plane over a single TLS 1.2 encrypted TCP connection. Redpanda Cloud enables SASL/SCRAM authentication over TLS 1.2 to authenticate Kafka clients connecting to Redpanda clusters over the TCP endpoint or listener. When connecting through Redpanda’s HTTP Proxy, authentication is done through an HTTP Basic Authentication header encrypted over TLS 1.2. The following features use AWS and GCP IAM Policies to generate dynamic and short-lived credentials to interact with cloud provider APIs: Data plane agent Tiered Storage Redpanda Console Managed connectors AWS and GCP IAM policies have constrained permissions so that each service can only access or manage its own data plane-scoped resources, following the principle of least privilege. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Security Authorization