Docs Self-Managed Manage Security This is documentation for Self-Managed v24.1. To view the latest available version of the docs, see v24.3. Security All concepts described in this section are compatible with Kafka and its client libraries and CLIs. This section does not cover ways you can protect your Redpanda cluster externally; for example, through network ACLs or private networks. Configure Authentication Redpanda supports multiple forms of authentication including SASL/SCRAM, mTLS with principal mapping, and basic authentication. Redpanda Authorization Mechanisms Redpanda provides two mechanisms for controlling user permissions. Configure Kafka TLS Encryption Enable encryption with TLS or mTLS. Configure Listeners Use listeners to advertise the location of the broker, so other brokers in the cluster can be found. Redpanda Console Security Security topics specific to Redpanda Console. IAM Roles For Redpanda Self-Managed clusters deployed on a public cloud platform, cloud provider IAM roles and managed identities provide a safer alternative to the less secure static credential system, which is based on access keys. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Node-wise Partition Recovery Configure Authentication