Skip to main content
Version: 23.1


Redpanda recommends that you always configure encryption, authentication, and authorization for production environments.

  • Configure Authentication

    Enable and configure authentication. Different components of Redpanda support different authentication methods.

  • Configure Authorization

    Configure access-control lists (ACLs) to enable fine-grained access to provisioned users.

  • Configure Kafka TLS Encryption

    A security best practice is to enable encryption with TLS or mTLS.

  • Configure Listeners

    Use listeners to advertise the location of the broker, so other brokers in the cluster can be found.

  • Redpanda Console Security

    See security topics specific to Redpanda Console.

  • IAM Roles

    For self-hosted clusters on a public cloud, cloud provider IAM roles provide a safer alternative to static credentials based on access keys.


All concepts described in this section are compatible with Kafka and its client libraries and CLIs. This section does not cover ways you can protect your Redpanda cluster externally; for example, through network ACLs or private networks.

What do you like about this doc?

Optional: Share your email address if we can contact you about your feedback.

Let us know what we do well: