Security
Redpanda recommends that you always configure encryption, authentication, and authorization for production environments.
Enable and configure authentication. Different components of Redpanda support different authentication methods.
Configure access-control lists (ACLs) to enable fine-grained access to provisioned users.
Configure Kafka TLS Encryption
A security best practice is to enable encryption with TLS or mTLS.
Use listeners to advertise the location of the broker, so other brokers in the cluster can be found.
See security topics specific to Redpanda Console.
For self-hosted clusters on a public cloud, cloud provider IAM roles provide a safer alternative to static credentials based on access keys.
All concepts described in this section are compatible with Kafka and its client libraries and CLIs. This section does not cover ways you can protect your Redpanda cluster externally; for example, through network ACLs or private networks.