rpk acl user create
Create a SASL user.
This command creates a single SASL user with the given password, optionally with a custom mechanism. SASL consists of three parts: a username, a password, and a mechanism. The mechanism determines which authentication flow the client will use for this user/pass.
Redpanda currently supports two mechanisms: SCRAM-SHA-256, the default, and SCRAM-SHA-512, which is the same flow but uses sha512 rather than sha256.
Using SASL requires setting enable_sasl: true in the redpanda section of your
redpanda.yaml. Before a created SASL account can be used, you must also create
ACLs to grant the account access to certain resources in your cluster. See the
acl help text for more info.
Usage
rpk acl user create [USER] -p [PASS] [flags]
Flags
| Value | Type | Description |
| -h, --help | - | Help for create. |
| --mechanism | string | SASL mechanism to use for the user you are creating (scram-sha-256, scram-sha-512, case insensitive); not to be confused with the global flag --sasl-mechanism which is used for authenticating the rpk client (default "scram-sha-256"). |
| --password | string | New user's password (NOTE: if using --password for the admin API, use --new-password). |
| --admin-api-tls-cert | string | The certificate to be used for TLS authentication with the Admin API. |
| --admin-api-tls-enabled | - | Enable TLS for the Admin API (not necessary if specifying custom certs). |
| --admin-api-tls-key | string | The certificate key to be used for TLS authentication with the Admin API. |
| --admin-api-tls-truststore | string | The truststore to be used for TLS communication with the Admin API. |
| --api-urls | strings | The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node. |
| --brokers | strings | Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses. |
| --config | string | Redpanda config file, if not set the file will be searched for in the default locations. |
| --sasl-mechanism | string | The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512. |
| --tls-cert | string | The certificate to be used for TLS authentication with the broker. |
| --tls-enabled | - | Enable TLS for the Kafka API (not necessary if specifying custom certs). |
| --tls-key | string | The certificate key to be used for TLS authentication with the broker. |
| --tls-truststore | string | The truststore to be used for TLS communication with the broker. |
| --user | string | SASL user to be used for authentication. |
| -v, --verbose | - | Enable verbose logging (default: false). |