# Cluster Configuration Properties

> For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [cloud-data-platform-full.txt](https://docs.redpanda.com/cloud-data-platform-full.txt)

---
title: Cluster Configuration Properties
latest-operator-version: v26.1.4
latest-console-tag: v3.7.3
latest-connect-version: 4.93.0
latest-redpanda-tag: v26.1.9
docname: properties/cluster-properties
page-component-name: cloud-data-platform
page-version: master
page-component-version: master
page-component-title: Cloud
page-relative-src-path: properties/cluster-properties.adoc
page-edit-url: https://github.com/redpanda-data/cloud-docs/edit/main/modules/reference/pages/properties/cluster-properties.adoc
description: Reference of cluster configuration properties.
page-git-created-date: "2025-04-08"
page-git-modified-date: "2026-05-26"
---

<!-- Source: https://docs.redpanda.com/cloud-data-platform/reference/properties/cluster-properties.md -->

Cluster properties are configuration settings that control the behavior of a Redpanda cluster at a global level. Configuring cluster properties allows you to adapt Redpanda to specific workloads, optimize resource usage, and enable or disable features. For information on how to edit cluster properties, see [Configure Cluster Properties](https://docs.redpanda.com/cloud-data-platform/manage/cluster-maintenance/config-cluster/).

> 📝 **NOTE**
>
> Some properties require a cluster restart for updates to take effect. This triggers a [long-running operation](https://docs.redpanda.com/cloud-data-platform/manage/api/cloud-byoc-controlplane-api/#lro) that can take several minutes to complete.

## [](#cluster-configuration)Cluster configuration

### [](#audit_enabled)audit_enabled

Enables or disables audit logging. When you set this to true, Redpanda checks for an existing topic named `_redpanda.audit_log`. If none is found, Redpanda automatically creates one for you.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#audit_excluded_principals)audit_excluded_principals

List of user principals to exclude from auditing.

| Property | Value |
| --- | --- |
| Type | array |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Example | ["User:principal1","User:principal2"] |

### [](#audit_excluded_topics)audit_excluded_topics

List of topics to exclude from auditing.

| Property | Value |
| --- | --- |
| Type | array |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Example | ["topic1","topic2"] |

### [](#audit_log_num_partitions)audit_log_num_partitions

Defines the number of partitions used by a newly-created audit topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics.

| Property | Value |
| --- | --- |
| Type | integer |
| Range | [-2147483648, 2147483647] |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Unit | Number of partitions per topic |
| Requires restart | No |

### [](#auto_create_topics_enabled)auto_create_topics_enabled

Allow automatic topic creation. To prevent excess topics, this property is not supported on Redpanda Cloud BYOC and Dedicated clusters. You should explicitly manage topic creation for these Redpanda Cloud clusters.

If you produce to a topic that doesn’t exist, the topic will be created with defaults if this property is enabled.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#data_transforms_binary_max_size)data_transforms_binary_max_size

The maximum size for a deployable WebAssembly binary that the broker can store.

| Property | Value |
| --- | --- |
| Type | integer |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |

### [](#data_transforms_enabled)data_transforms_enabled

Enables WebAssembly-powered data transforms directly in the broker. When `data_transforms_enabled` is set to `true`, Redpanda reserves memory for data transforms, even if no transform functions are currently deployed. This memory reservation ensures that adequate resources are available for transform functions when they are needed, but it also means that some memory is allocated regardless of usage.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |

### [](#data_transforms_logging_line_max_bytes)data_transforms_logging_line_max_bytes

Transform log lines truncate to this length. Truncation occurs after any character escaping.

| Property | Value |
| --- | --- |
| Type | integer |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Unit | Bytes |
| Requires restart | No |

### [](#data_transforms_per_core_memory_reservation)data_transforms_per_core_memory_reservation

The amount of memory to reserve per core for data transform (Wasm) virtual machines. Memory is reserved on boot. The maximum number of functions that can be deployed to a cluster is equal to `data_transforms_per_core_memory_reservation` / `data_transforms_per_function_memory_limit`.

| Property | Value |
| --- | --- |
| Type | integer |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | Yes |
| Example | 26214400 |

### [](#data_transforms_per_function_memory_limit)data_transforms_per_function_memory_limit

The amount of memory to give an instance of a data transform (Wasm) virtual machine. The maximum number of functions that can be deployed to a cluster is equal to `data_transforms_per_core_memory_reservation` / `data_transforms_per_function_memory_limit`.

| Property | Value |
| --- | --- |
| Type | integer |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | Yes |
| Example | 5242880 |

### [](#default_redpanda_storage_mode)default_redpanda_storage_mode

Set the default storage mode for new topics. This value applies to any topic created without an explicit [`redpanda.storage.mode`](#redpandastoragemode) setting (that is, when the topic’s `redpanda.storage.mode` is `unset`).

Accepted values:

-   `unset`: Defer to the legacy [`redpanda.remote.read`](#cloud_storage_enable_remote_read) and [`redpanda.remote.write`](#cloud_storage_enable_remote_write) topic properties for Tiered Storage configuration.

-   `local`: Store data only on local disks, with no object storage involvement.

-   `tiered`: Store data on local disks and replicate it to object storage using Tiered Storage. Equivalent to setting `redpanda.remote.read` and `redpanda.remote.write` to `true`.

-   `cloud`: Store data primarily in object storage using Cloud Topics.


| Property | Value |
| --- | --- |
| Type | string (enum) |
| Accepted values | local, tiered, cloud, unset |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Example | tiered |
| Related topics | Manage Cloud Topics |

### [](#enable_consumer_group_metrics)enable_consumer_group_metrics

List of enabled consumer group metrics. Accepted values include:

-   `group`: Enables the [`redpanda_kafka_consumer_group_consumers`](https://docs.redpanda.com/cloud-data-platform/reference/public-metrics-reference/#redpanda_kafka_consumer_group_consumers) and [`redpanda_kafka_consumer_group_topics`](https://docs.redpanda.com/cloud-data-platform/reference/public-metrics-reference/#redpanda_kafka_consumer_group_topics) metrics.

-   `partition`: Enables the [`redpanda_kafka_consumer_group_committed_offset`](https://docs.redpanda.com/cloud-data-platform/reference/public-metrics-reference/#redpanda_kafka_consumer_group_committed_offset) metric.

-   `consumer_lag`: Enables the [`redpanda_kafka_consumer_group_lag_max`](https://docs.redpanda.com/cloud-data-platform/reference/public-metrics-reference/#redpanda_kafka_consumer_group_lag_max) and [`redpanda_kafka_consumer_group_lag_sum`](https://docs.redpanda.com/cloud-data-platform/reference/public-metrics-reference/#redpanda_kafka_consumer_group_lag_sum) metrics

    Enabling `consumer_lag` may add a small amount of additional processing overhead to the brokers, especially in environments with a high number of consumer groups or partitions.

    | Property | Value |
    | --- | --- |
    | Type | array |
    | Default | Available in the Redpanda Cloud Console (editable) |
    | Nullable | No |
    | Requires restart | No |
    | Related topics | redpanda_kafka_consumer_group_consumersredpanda_kafka_consumer_group_topicsredpanda_kafka_consumer_group_committed_offsetredpanda_kafka_consumer_group_lag_maxredpanda_kafka_consumer_group_lag_sumconsumer_group_lag_collection_interval_secMonitor consumer group lag |


### [](#enable_schema_id_validation)enable_schema_id_validation

Controls whether Redpanda validates schema IDs in records and which topic properties are enforced.

Values:

-   `none`: Schema validation is disabled (no schema ID checks are done). Associated topic properties cannot be modified.

-   `redpanda`: Schema validation is enabled. Only Redpanda topic properties are accepted.

-   `compat`: Schema validation is enabled. Both Redpanda and compatible topic properties are accepted.


| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Related topics | Server-Side Schema ID Validation |

### [](#enable_shadow_linking)enable_shadow_linking

Enable creating shadow links from this cluster to a remote source cluster for data replication.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#group_offset_retention_sec)group_offset_retention_sec

Consumer group offset retention seconds. To disable offset retention, set this to null.

| Property | Value |
| --- | --- |
| Type | integer |
| Range | [-17179869184, 17179869183] |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | Yes |
| Unit | Seconds |
| Requires restart | No |

### [](#http_authentication)http_authentication

A list of supported HTTP authentication mechanisms. Accepted Values: `BASIC`, `OIDC`.

| Property | Value |
| --- | --- |
| Type | array |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |

### [](#iceberg_catalog_base_location)iceberg_catalog_base_location

Base path for the object-storage-backed Iceberg catalog. After Iceberg is enabled, do not change this value.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | Yes |

### [](#iceberg_catalog_type)iceberg_catalog_type

Iceberg catalog type that Redpanda will use to commit table metadata updates. Supported types: `rest`, `object_storage`. NOTE: You must set [`iceberg_rest_catalog_endpoint`](#iceberg_rest_catalog_endpoint) at the same time that you set `iceberg_catalog_type` to `rest`.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string (enum) |
| Accepted values | object_storage, rest |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |

### [](#iceberg_default_catalog_namespace)iceberg_default_catalog_namespace

The default namespace (database name) for Iceberg tables. All tables created by Redpanda will be placed in this namespace within the Iceberg catalog. Supports nested namespaces as an array of strings.

> ❗ **IMPORTANT**
>
> This value must be configured before enabling Iceberg and must not be changed afterward. Changing it will cause Redpanda to lose track of existing tables.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | array |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |

### [](#iceberg_default_partition_spec)iceberg_default_partition_spec

Default value for the `redpanda.iceberg.partition.spec` topic property that determines the partition spec for the Iceberg table corresponding to the topic.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Related topics | Enable Iceberg integration |

### [](#iceberg_delete)iceberg_delete

Default value for the `redpanda.iceberg.delete` topic property that determines if the corresponding Iceberg table is deleted upon deleting the topic.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#iceberg_disable_snapshot_tagging)iceberg_disable_snapshot_tagging

Whether to disable tagging of Iceberg snapshots. These tags are used to ensure that the snapshots that Redpanda writes are retained during snapshot removal, which in turn, helps Redpanda ensure exactly-once delivery of records. Disabling tags is therefore not recommended, but it may be useful if the Iceberg catalog does not support tags.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#iceberg_enabled)iceberg_enabled

Enables the translation of topic data into Iceberg tables. Setting `iceberg_enabled` to `true` activates the feature at the cluster level, but each topic must also set the `redpanda.iceberg.enabled` topic-level property to `true` to use it. If `iceberg_enabled` is set to `false`, then the feature is disabled for all topics in the cluster, overriding any topic-level settings.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |

### [](#iceberg_invalid_record_action)iceberg_invalid_record_action

Default value for the `redpanda.iceberg.invalid.record.action` topic property.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string (enum) |
| Accepted values | drop, dlq_table |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Related topics | Troubleshoot Iceberg Topics |

### [](#iceberg_rest_catalog_authentication_mode)iceberg_rest_catalog_authentication_mode

The authentication mode for client requests made to the Iceberg catalog. Choose from: `none`, `bearer`, `oauth2`, and `aws_sigv4`. In `bearer` mode, the token specified in `iceberg_rest_catalog_token` is used unconditonally, and no attempts are made to refresh the token. In `oauth2` mode, the credentials specified in `iceberg_rest_catalog_client_id` and `iceberg_rest_catalog_client_secret` are used to obtain a bearer token from the URI defined by `iceberg_rest_catalog_oauth2_server_uri`. In `aws_sigv4` mode, the same AWS credentials used for cloud storage (see `cloud_storage_region`, `cloud_storage_access_key`, `cloud_storage_secret_key`, and `cloud_storage_credentials_source`) are used to sign requests to AWS Glue catalog with SigV4.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string (enum) |
| Accepted values | none, bearer, oauth2, aws_sigv4, gcp |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |
| Example | none |

### [](#iceberg_rest_catalog_aws_access_key)iceberg_rest_catalog_aws_access_key

AWS access key for Iceberg REST catalog SigV4 authentication. If not set, falls back to [`cloud_storage_access_key`](https://docs.redpanda.com/cloud-data-platform/reference/properties/object-storage-properties/#cloud_storage_access_key) when using aws\_sigv4 authentication mode.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |
| Related topics | cloud_storage_access_key |

### [](#iceberg_rest_catalog_aws_region)iceberg_rest_catalog_aws_region

AWS region for Iceberg REST catalog SigV4 authentication. If not set, falls back to [`cloud_storage_region`](https://docs.redpanda.com/cloud-data-platform/reference/properties/object-storage-properties/#cloud_storage_region) when using aws\_sigv4 authentication mode.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |
| Related topics | cloud_storage_region |

### [](#iceberg_rest_catalog_aws_secret_key)iceberg_rest_catalog_aws_secret_key

AWS secret key for Iceberg REST catalog SigV4 authentication. If not set, falls back to [`cloud_storage_secret_key`](https://docs.redpanda.com/cloud-data-platform/reference/properties/object-storage-properties/#cloud_storage_secret_key) when using aws\_sigv4 authentication mode.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |
| Related topics | cloud_storage_secret_key |

### [](#iceberg_rest_catalog_base_location)iceberg_rest_catalog_base_location

Base URI for the Iceberg REST catalog. If unset, the REST catalog server determines the location. Some REST catalogs, like AWS Glue, require the client to set this. After Iceberg is enabled, do not change this value.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_client_id)iceberg_rest_catalog_client_id

Iceberg REST catalog user ID. This ID is used to query the catalog API for the OAuth token. Required if catalog type is set to `rest` and `iceberg_rest_catalog_authentication_mode` is set to `oauth2`.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_client_secret)iceberg_rest_catalog_client_secret

Secret used with the client ID to query the OAuth token endpoint for Iceberg REST catalog authentication. Required if catalog type is set to `rest` and `iceberg_rest_catalog_authentication_mode` is set to `oauth2`.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_crl)iceberg_rest_catalog_crl

The contents of a certificate revocation list for `iceberg_rest_catalog_trust`. Takes precedence over `iceberg_rest_catalog_crl_file`.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_endpoint)iceberg_rest_catalog_endpoint

URL of Iceberg REST catalog endpoint. NOTE: If you set [`iceberg_catalog_type`](#iceberg_catalog_type) to `rest`, you must also set this property at the same time.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |
| Example | http://hostname:8181 |

### [](#iceberg_rest_catalog_oauth2_scope)iceberg_rest_catalog_oauth2_scope

The OAuth scope used to retrieve access tokens for Iceberg catalog authentication. Only meaningful when `iceberg_rest_catalog_authentication_mode` is set to `oauth2`

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_oauth2_server_uri)iceberg_rest_catalog_oauth2_server_uri

The OAuth URI used to retrieve access tokens for Iceberg catalog authentication. If left undefined, the deprecated Iceberg catalog endpoint `/v1/oauth/tokens` is used instead.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_request_timeout_ms)iceberg_rest_catalog_request_timeout_ms

Maximum length of time that Redpanda waits for a response from the REST catalog before aborting the request

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | integer |
| Range | [-17592186044416, 17592186044415] |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Unit | Milliseconds |
| Requires restart | No |

### [](#iceberg_rest_catalog_token)iceberg_rest_catalog_token

Token used to access the REST Iceberg catalog. If the token is present, Redpanda ignores credentials stored in the properties [`iceberg_rest_catalog_client_id`](#iceberg_rest_catalog_client_id) and [`iceberg_rest_catalog_client_secret`](#iceberg_rest_catalog_client_secret).

Required if [`iceberg_rest_catalog_authentication_mode`](#iceberg_rest_catalog_authentication_mode) is set to `bearer`.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_trust)iceberg_rest_catalog_trust

The contents of a certificate chain to trust for the REST Iceberg catalog.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_rest_catalog_warehouse)iceberg_rest_catalog_warehouse

Warehouse to use for the Iceberg REST catalog. Redpanda queries the catalog to retrieve warehouse-specific configurations and automatically configures settings like the appropriate prefix. The prefix is appended to the catalog path (for example, `/v1/{prefix}/namespaces`).

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | Yes |

### [](#iceberg_target_lag_ms)iceberg_target_lag_ms

Default value for the `redpanda.iceberg.target.lag.ms` topic property, which controls how often the data in an Iceberg table is refreshed with new data from the corresponding Redpanda topic. Redpanda attempts to commit all data produced to the topic within the lag target, subject to resource availability.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | integer |
| Range | [-17592186044416, 17592186044415] |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Unit | Milliseconds |
| Requires restart | No |

### [](#iceberg_topic_name_dot_replacement)iceberg_topic_name_dot_replacement

A replacement string for dots in topic names when creating Iceberg table names. Use this when your downstream systems don’t allow dots in table names. The replacement string cannot contain dots. Be careful to avoid table name collisions. Don’t change this value after creating any Iceberg topics with dots in their names.

> 📝 **NOTE**
>
> This property is available only in Redpanda Cloud BYOC deployments.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | No |

### [](#kafka_connections_max_overrides)kafka_connections_max_overrides

A list of IP addresses for which Kafka client connection limits are overridden and don’t apply. For example, `(['127.0.0.1:90', '50.20.1.1:40']).`.

| Property | Value |
| --- | --- |
| Type | array |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |
| Example | ['127.0.0.1:90', '50.20.1.1:40'] |
| Related topics | Limit client connections |

### [](#kafka_connections_max_per_ip)kafka_connections_max_per_ip

Maximum number of Kafka client connections per IP address, per broker. If `null`, the property is disabled.

| Property | Value |
| --- | --- |
| Type | integer |
| Maximum | 4294967295 |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | Yes |
| Requires restart | No |
| Related topics | Limit client connections |

### [](#log_segment_ms)log_segment_ms

Default lifetime of log segments. If `null`, the property is disabled, and no default lifetime is set. Any value under 60 seconds (60000 ms) is rejected. This property can also be set in the Kafka API using the Kafka-compatible alias, `log.roll.ms`.

| Property | Value |
| --- | --- |
| Type | integer |
| Range | [-17592186044416, 17592186044415] |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | Yes |
| Unit | Milliseconds |
| Requires restart | No |
| Example | 3600000 |

### [](#oidc_discovery_url)oidc_discovery_url

The URL pointing to the well-known discovery endpoint for the OIDC provider.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |

### [](#oidc_principal_mapping)oidc_principal_mapping

Rule for mapping JWT payload claim to a Redpanda user principal.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |
| Related topics | OpenID Connect authentication |

### [](#oidc_token_audience)oidc_token_audience

A string representing the intended recipient of the token.

| Property | Value |
| --- | --- |
| Type | string |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |

### [](#sasl_mechanisms)sasl_mechanisms

A list of supported SASL mechanisms. Accepted values: `SCRAM`, `GSSAPI`, `OAUTHBEARER`, `PLAIN`. Note that in order to enable PLAIN, you must also enable SCRAM.

| Property | Value |
| --- | --- |
| Type | array (enum) |
| Accepted values | GSSAPI, SCRAM, OAUTHBEARER, PLAIN |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | No |

### [](#schema_registry_enable_authorization)schema_registry_enable_authorization

Enables ACL-based authorization for Schema Registry requests. When `true`, Schema Registry uses ACL-based authorization instead of the default `public/user/superuser` authorization model.

| Property | Value |
| --- | --- |
| Type | boolean |
| Default | Available in the Redpanda Cloud Console (editable) |
| Nullable | No |
| Requires restart | No |

### [](#tls_min_version)tls_min_version

The minimum TLS version that Redpanda clusters support. This property prevents client applications from negotiating a downgrade to the TLS version when they make a connection to a Redpanda cluster.

| Property | Value |
| --- | --- |
| Type | string (enum) |
| Accepted values | v1.0, v1.1, v1.2, v1.3 |
| Default | Available in the Redpanda Cloud Console (read-only) |
| Nullable | No |
| Requires restart | Yes |