Plain Login Setup

This section pertains to Redpanda Console in a self-managed deployment, and this feature requires an Enterprise license. To upgrade, contact Redpanda sales.

If Redpanda Console has enterprise features enabled and it cannot find a valid license either in its local configuration or in the connected Redpanda cluster, it shuts down.

Configuring Redpanda Console with a plain login provider allows your users to authenticate with a predefined username and password. Plain logins are the easiest way to set up a login-protected deployment of Redpanda Console.

Plain logins are not secure. Use them only in development environments or for demo purposes.

To configure a plain login provider, you must:

Configure the plain login provider with user credentials

To configure the users' plain login credentials, add them to the login.plain.credentials setting in the Redpanda Console Configuration.

redpanda-console-config.yaml
login:
  enabled: true

# jwtSecret is the secret key you must use to sign and encrypt the JSON
  # web token used to store user sessions. This secret key is
  # critical for the security of Redpanda Console's authentication and
  # authorization system. Use a long, complex key with a combination of
  # numbers, letters, and special characters. While you must use a minimum of
  # 10 characters, Redpanda recommends using more than 32
  # characters. For additional security, use a different secret key for
  # each environment. jwtSecret can be securely generated with the following
  # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32
  #
  # If you update this secret key, any users who are
  # already logged into Redpanda Console will be logged out and will have
  # to log in again.
  jwtSecret: ""

# useSecureCookies controls the storage of session cookies in Console.
  # Enabling this option ensures that session cookies are stored with the
  # secure attribute, allowing them to be sent only over HTTPS.
  # If you are not using SSL in your environment, you must
  # disable this setting.
  useSecureCookies: false

plain:
    enabled: true
    # Credentials are username and password combinations that you can use to log in.
    # By default, each user has no permissions. You must bind a role to the user.
    credentials:
      - username: "jane"
        password: "some-other-secret-password"
      - username: "john"
        password: "some-secret-password"
Disable the useSecureCookies option shown in the code snippet if Console is exposed using HTTP instead of HTTPS.

Define role-bindings

By default, each user has no permissions. To give users permissions, you must bind a role to them. After you’ve configured the plain login provider, you can bind users to roles in the Redpanda Console Role-Binding Configuration.

role-bindings.yaml
roleBindings:
  - metadata:
      name: Platform Ops
    subjects:
      - kind: user
        provider: Plain
        name: jane
    roleName: admin
  - metadata:
      name: Software Engineers
    subjects:
      - kind: user
        provider: Plain
        name: john
    roleName: editor

Next steps

See Authorization to learn more about managing user permissions with RBAC.