3

I want to add a password to Redis.

I am interested if there is a way to save an encrypted password in redis.conf and not as plain text?

Or a way not to store the password in redis.conf at all?

Maria Dorohin

3 Answers

3

By default, redis.conf, at least until today with its most recent version (6.0.1), still doesn't support encrypting a password.

While this situation is not fully avoidable, at best you can automate this by writing a wrapper startup script that would accept the password as an argument and bring up the service. And then, once the service is up, ALTHOUGH THIS IS TO BE AVOIDED AND IS NOT RECOMMENDED, you can delete the conf file or change the password in that file. And before the startup of Redis, you would need to run the startup script again / re-enter the original password. BUT THIS CAN ADDITIONALLY CAUSE PROBLEMS.

Please note -> redis.conf can be secured by Linux/OS permissions, and that's the best way to do so.

user13424620
  • This suggestion does not help in a multi-tenant scenario with segregated (many redis clients each of them with a different password and different data) – Benedetto Jun 28 '21 at 07:44
2

No, Redis doesn't support an encrypted password for auth. You may check the details in the official documentation:

The password is set by the system administrator in clear text inside the redis.conf file. It should be long enough to prevent brute force attacks.

Additionally:

The AUTH command, like every other Redis command, is sent unencrypted, so it does not protect against an attacker that has enough access to the network to perform eavesdropping.

You may use config set requirepass yourpassword to set the password; this will not require a server restart but sets it on the fly. However, when the server is restarted, your previous password (written in the conf file) or no password (if it is not set) will be used to authenticate requests.

Ersoy
1

Well, while encryption is still not an option, Redis 6 introduced ACL (Access Control List), where you can store your SHA256-hashed passwords in the redis.conf file.

Please note that this is not encryption, though!

From redis-cli:

acl setuser yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37

From redis.conf:

user yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37

Additional note:

You may need to disable the default user which does not have a password:

From redis-cli:

acl setuser default off

From redis.conf:

user default off
Bakri Bitar
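The hashed-password ACL form from the answer above, as an added example that is not part of the original answers or of Redis itself: it builds a `user ... on #<sha256>` line and audits a config for cleartext `requirepass`, cleartext `>password` rules and enabled `nopass` users. The helper names, the user names and the sample config are assumptions constructed for illustration.

```python
import hashlib
import re

HASH_RE = re.compile(r"[0-9a-f]{64}")  # Redis expects 64 lowercase hex chars

def acl_hash(password: str) -> str:
    """SHA-256 hex digest: the value that follows '#' in an ACL rule."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def acl_user_line(user: str, password: str, rules: str = "") -> str:
    """Build a redis.conf 'user' directive that contains only the hash."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", user):
        raise ValueError("unexpected characters in user name")
    parts = ["user", user, "on", "#" + acl_hash(password), rules]
    return " ".join(p for p in parts if p)

def audit_conf(text: str) -> list:
    """Return (line_no, finding) pairs for cleartext or absent passwords."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        directive = tokens[0].lower()
        if directive == "requirepass":
            findings.append((no, "cleartext requirepass"))
        elif directive == "user" and len(tokens) >= 2:
            name, rules = tokens[1], tokens[2:]
            if any(r.startswith(">") for r in rules):
                findings.append((no, f"cleartext ACL password for {name}"))
            if any(r.startswith("#") and not HASH_RE.fullmatch(r[1:]) for r in rules):
                findings.append((no, f"malformed hash for {name}"))
            if "nopass" in rules and "off" not in rules:
                findings.append((no, f"{name} enabled with nopass"))
    return findings

# Constructed sample config (not from the page); passwords are placeholders.
SAMPLE_CONF = "\n".join([
    "# constructed example",
    "requirepass example-plaintext",
    "user default on nopass ~* +@all",
    "user app on >example-plaintext ~app:* +@read",
    acl_user_line("svc", "abc", "~svc:* +@all"),
])

if __name__ == "__main__":
    for line_no, finding in audit_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```

The stored value is a plain, unsalted SHA-256 digest, so it only resists guessing when the password itself is long and random, for example one produced by `ACL GENPASS`.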