Docs Self-Managed Manage Security Redpanda Console Security Plain This is documentation for Self-Managed v23.3. To view the latest available version of the docs, see v24.2. Plain Login Setup This section pertains to Redpanda Console in a self-hosted deployment, and this feature requires an Enterprise license. To upgrade, contact Redpanda sales. Configuring Redpanda Console with a plain login provider allows your users to authenticate with a predefined username and password. Plain logins are the easiest way to set up a login-protected deployment of Redpanda Console. However, plain logins are not secure, and Redpanda recommends them only for development environments or demo purposes. You can test this feature using Docker Compose. See the Plain login authentication for Redpanda Console sample. To configure a plain login provider, you must: Configure the plain login provider with user credentials. Define role-bindings for the users. Configure the plain login provider with user credentials To configure the users' plain login credentials, add them to the login.plain.credentials setting in the Redpanda Console Configuration. redpanda-console-config.yaml login: enabled: true # jwtSecret is the secret key you must use to sign and encrypt the JSON # web token used to store user sessions. This secret key is # critical for the security of Redpanda Console's authentication and # authorization system. Use a long, complex key with a combination of # numbers, letters, and special characters. While you must use a minimum of # 10 characters, Redpanda recommends using more than 32 # characters. For additional security, use a different secret key for # each environment. jwtSecret can be securely generated with the following # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32 # # If you update this secret key, any users who are # already logged into Redpanda Console will be logged out and will have # to log in again. jwtSecret: "" # useSecureCookies controls the storage of session cookies in Console. # Enabling this option ensures that session cookies are stored with the # secure attribute, allowing them to be sent only over HTTPS. # If you are not using SSL in your environment, you must # disable this setting. useSecureCookies: false plain: enabled: true # Credentials are username and password combinations that you can use to log in. # By default, each user has no permissions. You must bind a role to the user. credentials: - username: "jane" password: "some-other-secret-password" - username: "john" password: "some-secret-password" Disable the useSecureCookies option shown in the code snippet if Console is exposed using HTTP instead of HTTPS. Define role-bindings By default, each user has no permissions. To give users permissions, you must bind a role to them. After you’ve configured the plain login provider, you can bind users to roles in the Redpanda Console Role-Binding Configuration. role-bindings.yaml roleBindings: - metadata: name: Platform Ops subjects: - kind: user provider: Plain name: jane roleName: admin - metadata: name: Software Engineers subjects: - kind: user provider: Plain name: john roleName: editor Next steps See Authorization to learn more about managing user permissions with RBAC. Suggested reading Redpanda Console Configuration Redpanda Console Role-Binding Configuration Suggested labs Enable Plain Login Authentication for Redpanda ConsoleSearch all labs Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Okta TLS Termination