Plain Login Setup

This feature requires an Enterprise license. To upgrade, contact Redpanda sales.

Configuring Redpanda Console with a plain login provider allows your users to authenticate with a predefined username and password. Plain logins are the easiest way to set up a login-protected deployment of Redpanda Console. However, plain logins are not secure, and Redpanda recommends them only for development environments or demo purposes.

You can test this feature using Docker Compose. See the Plain login authentication for Redpanda Console sample.

To configure a plain login provider, you must:

Configure the plain login provider with user credentials.
Define role-bindings for the users.

To configure the users' plain login credentials, add them to the login.plain.credentials setting in the Redpanda Console Configuration.

redpanda-console-config.yaml

login:
  enabled: true

# jwtSecret is the secret key you must use to sign and encrypt the JSON
  # web token used to store user sessions. This secret key is
  # critical for the security of Redpanda Console's authentication and
  # authorization system. Use a long, complex key with a combination of
  # numbers, letters, and special characters. While you must use a minimum of
  # 10 characters, Redpanda recommends using more than 32
  # characters. For additional security, use a different secret key for
  # each environment. jwtSecret can be securely generated with the following
  # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32
  #
  # If you update this secret key, any users who are
  # already logged into Redpanda Console will be logged out and will have
  # to log in again.
  jwtSecret: ""

# useSecureCookies controls the storage of session cookies in Console.
  # Enabling this option ensures that session cookies are stored with the
  # secure attribute, allowing them to be sent only over HTTPS.
  # If you are not using SSL in your environment, you must
  # disable this setting.
  useSecureCookies: false

plain:
    enabled: true
    # Credentials are username and password combinations that you can use to log in.
    # By default, each user has no permissions. You must bind a role to the user.
    credentials:
      - username: "jane"
        password: "some-other-secret-password"
      - username: "john"
        password: "some-secret-password"

Disable the useSecureCookies option shown in the code snippet if Console is exposed using HTTP instead of HTTPS.

Define role-bindings

By default, each user has no permissions. To give users permissions, you must bind a role to them. After you’ve configured the plain login provider, you can bind users to roles in the Redpanda Console Role-Binding Configuration.

role-bindings.yaml

roleBindings:
  - metadata:
      name: Platform Ops
    subjects:
      - kind: user
        provider: Plain
        name: jane
    roleName: admin
  - metadata:
      name: Software Engineers
    subjects:
      - kind: user
        provider: Plain
        name: john
    roleName: editor

Next steps

See Authorization to learn more about managing user permissions with RBAC.

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

Plain Login Setup

Configure the plain login provider with user credentials

Define role-bindings

Next steps

Suggested reading

Simple online edits

Contribution guide