Redpanda Cloud uses dynamic secrets through IAM roles. These have policies defined by the actions and resources that a user (also known as a principal) strictly needs, following the principle of least privilege.

Redpanda Cloud also uses static secrets, stored in either the AWS Secrets Manager or GCP Secret Manager services. Static secrets managed through Redpanda Console never leave their corresponding data plane account or network. They stay securely stored in AWS Secrets Manager or GCP Secret Manager.