Authentication

Redpanda Cloud ensures the highest level of authentication for both users and services.

User authentication

Redpanda Cloud authenticates users directly using their email and password. Passwords are hashed (a one-way function that makes the original value unrecoverable, and effectively encrypted) and salted at rest using bcrypt.

Service authentication

Each Redpanda Cloud data plane runs its own dedicated agent, which authenticates and connects against the control plane over a single TLS 1.2 encrypted TCP connection.

Redpanda Cloud enables SASL/SCRAM authentication over TLS 1.2 to authenticate Kafka clients connecting to Redpanda clusters over the TCP endpoint or listener.

When connecting through Redpanda’s HTTP Proxy, authentication is done through an HTTP Basic Authentication header encrypted over TLS 1.2.

The following features use AWS and GCP IAM Policies to generate dynamic and short-lived credentials to interact with cloud provider APIs:

Data plane agent
Tiered Storage
Redpanda Console
Managed connectors

AWS and GCP IAM policies have constrained permissions so that each service can only access or manage its own data plane-scoped resources, following the principle of least privilege.

Was this helpful?

Ask in the community

Share your feedback

Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

Authentication

User authentication

Service authentication

Simple online edits

Contribution guide