Plain Login Setup

This feature requires an enterprise license. To get a trial license key or extend your trial period, generate a new trial license key. To purchase a license, contact Redpanda Sales.

If Redpanda Console has enterprise features enabled and it cannot find a valid license either in its local configuration or in the connected Redpanda cluster, it redirects you to the license expiration landing page, and all other access is restricted.

Configuring Redpanda Console with a plain login provider allows your users to authenticate with a predefined username and password. Plain logins are the easiest way to set up a login-protected deployment of Redpanda Console.

Plain logins are not secure. Use them only in development environments or for demo purposes.

To configure a plain login provider, you must:

Configure the plain login provider with user credentials

To configure the users' plain login credentials, add them to the login.plain.credentials setting in the Redpanda Console Configuration.

redpanda-console-config.yaml
login:
  enabled: true

# jwtSecret is the secret key you must use to sign and encrypt the JSON
  # web token used to store user sessions. This secret key is
  # critical for the security of Redpanda Console's authentication and
  # authorization system. Use a long, complex key with a combination of
  # numbers, letters, and special characters. While you must use a minimum of
  # 10 characters, Redpanda recommends using more than 32
  # characters. For additional security, use a different secret key for
  # each environment. jwtSecret can be securely generated with the following
  # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32
  #
  # If you update this secret key, any users who are
  # already logged into Redpanda Console will be logged out and will have
  # to log in again.
  jwtSecret: ""

# useSecureCookies controls the storage of session cookies in Console.
  # Enabling this option ensures that session cookies are stored with the
  # secure attribute, allowing them to be sent only over HTTPS.
  # If you are not using SSL in your environment, you must
  # disable this setting.
  useSecureCookies: false

plain:
    enabled: true
    # Credentials are username and password combinations that you can use to log in.
    # By default, each user has no permissions. You must bind a role to the user.
    credentials:
      - username: "jane"
        password: "some-other-secret-password"
      - username: "john"
        password: "some-secret-password"
Disable the useSecureCookies option shown in the code snippet if Console is exposed using HTTP instead of HTTPS.

Define role-bindings

By default, each user has no permissions. To give users permissions, you must bind a role to them. After you’ve configured the plain login provider, you can bind users to roles in the Redpanda Console Role-Binding Configuration.

role-bindings.yaml
roleBindings:
  - metadata:
      name: Platform Ops
    subjects:
      - kind: user
        provider: Plain
        name: jane
    roleName: admin
  - metadata:
      name: Software Engineers
    subjects:
      - kind: user
        provider: Plain
        name: john
    roleName: editor

Next steps

See Authorization to learn more about managing user permissions with RBAC.