Plain Login Setup
This section pertains to Redpanda Console in a self-hosted deployment, and this feature requires an Enterprise license. To upgrade, contact Redpanda sales. |
Configuring Redpanda Console with a plain login provider allows your users to authenticate with a predefined username and password. Plain logins are the easiest way to set up a login-protected deployment of Redpanda Console. However, plain logins are not secure, and Redpanda recommends them only for development environments or demo purposes.
You can test this feature using Docker Compose. See the Plain login authentication for Redpanda Console sample. |
To configure a plain login provider, you must:
Configure the plain login provider with user credentials
To configure the users' plain login credentials, add them to the login.plain.credentials
setting in the Redpanda Console Configuration.
redpanda-console-config.yaml
login:
enabled: true
# jwtSecret is the secret key you must use to sign and encrypt the JSON
# web token used to store user sessions. This secret key is
# critical for the security of Redpanda Console's authentication and
# authorization system. Use a long, complex key with a combination of
# numbers, letters, and special characters. While you must use a minimum of
# 10 characters, Redpanda recommends using more than 32
# characters. For additional security, use a different secret key for
# each environment. jwtSecret can be securely generated with the following
# command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32
#
# If you update this secret key, any users who are
# already logged into Redpanda Console will be logged out and will have
# to log in again.
jwtSecret: ""
# useSecureCookies controls the storage of session cookies in Console.
# Enabling this option ensures that session cookies are stored with the
# secure attribute, allowing them to be sent only over HTTPS.
# If you are not using SSL in your environment, you must
# disable this setting.
useSecureCookies: false
plain:
enabled: true
# Credentials are username and password combinations that you can use to log in.
# By default, each user has no permissions. You must bind a role to the user.
credentials:
- username: "jane"
password: "some-other-secret-password"
- username: "john"
password: "some-secret-password"
Disable the useSecureCookies option shown in the code snippet if Console is exposed using HTTP instead of HTTPS.
|
Define role-bindings
By default, each user has no permissions. To give users permissions, you must bind a role to them. After you’ve configured the plain login provider, you can bind users to roles in the Redpanda Console Role-Binding Configuration.
role-bindings.yaml
roleBindings:
- metadata:
name: Platform Ops
subjects:
- kind: user
provider: Plain
name: jane
roleName: admin
- metadata:
name: Software Engineers
subjects:
- kind: user
provider: Plain
name: john
roleName: editor
Next steps
See Authorization to learn more about managing user permissions with RBAC.