rpk acl user create

Create a SASL user.

This command creates a single SASL user with the given password, optionally with a custom mechanism. SASL consists of three parts: a username, a password, and a mechanism. The mechanism determines which authentication flow the client will use for this user/pass.

Redpanda currently supports two mechanisms: SCRAM-SHA-256, the default, and SCRAM-SHA-512, which is the same flow but uses sha512 rather than sha256.

Using SASL requires setting enable_sasl: true in the redpanda section of your redpanda.yaml. Before a created SASL account can be used, you must also create ACLs to grant the account access to certain resources in your cluster. See the acl help text for more info.

Usage

rpk acl user create [USER] -p [PASS] [flags]

Flags

Value Type Description

Value	Type	Description
`-h, --help`	-	Help for create.
`--mechanism`	string	SASL mechanism to use for the user you are creating (scram-sha-256, scram-sha-512, case insensitive); not to be confused with the global flag --sasl-mechanism which is used for authenticating the rpk client (default "scram-sha-256").
`--password`	string	New user’s password (NOTE: if using --password for the admin API, use --new-password).
`--admin-api-tls-cert`	string	The certificate to be used for TLS authentication with the Admin API.
`--admin-api-tls-enabled`	-	Enable TLS for the Admin API (not necessary if specifying custom certs).
`--admin-api-tls-key`	string	The certificate key to be used for TLS authentication with the Admin API.
`--admin-api-tls-truststore`	string	The truststore to be used for TLS communication with the Admin API.
`--api-urls`	strings	The comma-separated list of Admin API addresses (\|IP\|:\|port\|). You must specify one for each node.
`--brokers`	strings	Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
`--config`	string	Redpanda config file, if not set the file will be searched for in the default locations.
`--sasl-mechanism`	string	The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
`--tls-cert`	string	The certificate to be used for TLS authentication with the broker.
`--tls-enabled`	-	Enable TLS for the Kafka API (not necessary if specifying custom certs).
`--tls-key`	string	The certificate key to be used for TLS authentication with the broker.
`--tls-truststore`	string	The truststore to be used for TLS communication with the broker.
`--user`	string	SASL user to be used for authentication.
`-v, --verbose`	-	Enable verbose logging (default: false).

-h, --help

Help for create.

--mechanism

string

SASL mechanism to use for the user you are creating (scram-sha-256, scram-sha-512, case insensitive); not to be confused with the global flag --sasl-mechanism which is used for authenticating the rpk client (default "scram-sha-256").

--password

string

New user’s password (NOTE: if using --password for the admin API, use --new-password).

--admin-api-tls-cert

string

The certificate to be used for TLS authentication with the Admin API.

--admin-api-tls-enabled

Enable TLS for the Admin API (not necessary if specifying custom certs).

--admin-api-tls-key

string

The certificate key to be used for TLS authentication with the Admin API.

--admin-api-tls-truststore

string

The truststore to be used for TLS communication with the Admin API.

--api-urls

strings

The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.

--brokers

strings

Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.

--config

string

Redpanda config file, if not set the file will be searched for in the default locations.

--sasl-mechanism

string

The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.

--tls-cert

string

The certificate to be used for TLS authentication with the broker.

--tls-enabled

Enable TLS for the Kafka API (not necessary if specifying custom certs).

--tls-key

string

The certificate key to be used for TLS authentication with the broker.

--tls-truststore

string

The truststore to be used for TLS communication with the broker.

--user

string

SASL user to be used for authentication.

-v, --verbose

Enable verbose logging (default: false).

Was this helpful?

Ask in the community

Share your feedback

Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

rpk acl user create

Usage

Flags

Simple online edits

Contribution guide