1

I have set up Redis with encryption in transit and at rest. I have come across https://dev.to/yuki0417/easy-way-to-connect-to-amazon-elasticache-redis-with-password-from-django-app-40il and Connect to AWS ElastiCache with In-Transit Encryption. As I am using https://github.com/Suor/django-cacheops, which shows nothing regarding SSL, how can I implement SSL to use the AWS Redis with encryption?

I have tried

CACHEOPS_REDIS = {
        'host': "redis://{}".format(os.environ.get("REDIS_LOCATION")),
        'socket_timeout': 3,
        'ssl': True,
    }

After reading the following https://github.com/jazzband/django-redis/issues/353 I have tried, but it still does not work

CACHEOPS_REDIS = {
        'host': "rediss://{}/0".format(os.environ.get("REDIS_LOCATION")),
        'socket_timeout': 3,
    }

CACHES = {
        "default": {
            "BACKEND": "django_redis.cache.RedisCache",
            "LOCATION": CACHEOPS_REDIS,
            "OPTIONS": {
                "CLIENT_CLASS": "django_redis.client.DefaultClient",
                "IGNORE_EXCEPTIONS": True,
                'CONNECTION_POOL_KWARGS': {
                    'skip_full_coverage_check': True,
                    "ssl_cert_reqs": None,
                    "ssl": True
                }
            },
            "KEY_PREFIX": ENVIRONMENT
        }
    }

certificates in

I have the following

$ ll /etc/ssl/certs/
total 12
lrwxrwxrwx 1 root root   49 Sep 22 17:47 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx 1 root root   55 Sep 22 17:47 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
shorif2000

1 Answer

0

You need to define the path to an SSL cert. This example is valid for Ubuntu:

CACHES = {
    "default": {
        # …
        "OPTIONS": {
            "CONNECTION_POOL_KWARGS": {
                "ssl_ca_certs": "/etc/ssl/certs/ca-certificates.crt",
            },
        },
    },
}

You can determine where to find your certificate on the target OS with this code (macOS example response):

import certifi
certifi.where()

As for me, I'm not using cloud Redis - too much to wait for the request-response cycle. If this is a cache - find a way to use a locally installed cache or share it within a security group. Only a few types of projects really need Redis on SSL or cloud Redis.

fanni
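An added example, not part of the question or the answer above: a small check that flags the TLS problems in settings shaped like the ones in this thread (a URL placed in the dict form's 'host', a dict used as LOCATION, and "ssl_cert_reqs": None, which turns off certificate verification in redis-py) and passes a verified configuration. It assumes the dict form of CACHEOPS_REDIS is handed to the redis-py client as keyword arguments; audit_redis_tls, the sample settings and the host name are constructed for illustration.

```python
import ssl
from urllib.parse import urlparse

NO_VERIFY = (None, "none", ssl.CERT_NONE)  # values redis-py maps to "do not verify"

def _cert_check(where, kwargs, out):
    # An absent key is fine: redis-py then defaults to "required".
    if kwargs.get("ssl_cert_reqs", "required") in NO_VERIFY:
        out.append(f"{where}: certificate verification disabled")

def _url_check(where, url, out):
    if urlparse(url).scheme != "rediss":
        out.append(f"{where}: URL scheme is not rediss:// (no TLS)")

def audit_redis_tls(cacheops_redis, caches):
    """Return a list of TLS problems in CACHEOPS_REDIS and CACHES."""
    out = []
    if isinstance(cacheops_redis, str):            # URL form
        _url_check("CACHEOPS_REDIS", cacheops_redis, out)
    else:                                          # dict form: redis-py kwargs (assumed)
        if "://" in str(cacheops_redis.get("host", "")):
            out.append("CACHEOPS_REDIS: dict 'host' must be a hostname, not a URL")
        if not cacheops_redis.get("ssl"):
            out.append("CACHEOPS_REDIS: 'ssl' not enabled (no TLS)")
        _cert_check("CACHEOPS_REDIS", cacheops_redis, out)
    for alias, conf in caches.items():
        where = f"CACHES[{alias!r}]"
        loc = conf.get("LOCATION")
        urls = [loc] if isinstance(loc, str) else loc
        if not isinstance(urls, (list, tuple)):
            out.append(f"{where}: LOCATION must be a URL string or list of URLs")
            urls = []
        for url in urls:
            _url_check(where, url, out)
        _cert_check(where, conf.get("OPTIONS", {}).get("CONNECTION_POOL_KWARGS", {}), out)
    return out

# Constructed sample settings; HOST is a placeholder endpoint, CA is the
# bundle path shown in the question's directory listing.
HOST, CA = "cache.example.internal", "/etc/ssl/certs/ca-bundle.crt"
WEAK_CACHEOPS = {"host": f"rediss://{HOST}/0", "socket_timeout": 3}
WEAK_CACHES = {"default": {"LOCATION": WEAK_CACHEOPS, "OPTIONS": {
    "CONNECTION_POOL_KWARGS": {"ssl_cert_reqs": None, "ssl": True}}}}
SAFE_CACHEOPS = {"host": HOST, "port": 6379, "db": 0, "socket_timeout": 3,
                 "ssl": True, "ssl_cert_reqs": "required", "ssl_ca_certs": CA}
SAFE_CACHES = {"default": {"LOCATION": f"rediss://{HOST}:6379/0", "OPTIONS": {
    "CONNECTION_POOL_KWARGS": {"ssl_cert_reqs": "required", "ssl_ca_certs": CA}}}}

if __name__ == "__main__":
    for name, args in (("weak", (WEAK_CACHEOPS, WEAK_CACHES)),
                       ("safe", (SAFE_CACHEOPS, SAFE_CACHES))):
        print(name, audit_redis_tls(*args))
```

The SAFE_* dictionaries show the shape to copy into settings.py: TLS on, verification left at "required", and the CA bundle path set explicitly.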