I have a RedisInsight instance running in my Kubernetes cluster. I exposed it using Kong Ingress. My issue is that when I display it, it doesn't have any mechanism of authentication.
I already set the environment variables: RITRUSTEDORIGINS, RIAUTHPROMPT, RIAUTHTIMER. But this doesn't give the level of security that I want. With this in place anyone can access my site and delete any databases without the need of authentication.
2 Answers
RedisInsight may not provide any type of auth option. Redis provides the auth and TLS options generally.
So if you are using the Kong gateway, you can use a plugin with Kong to set up auth on the URL of Insight. There are tons of options available with Kong for auth, like API key, JWT, user/pass, etc.
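The Kong plugin approach from the answer above, written out as Kong Ingress Controller manifests. This is an added example, not part of the original answers or of the RedisInsight project; the resource names, the host `redisinsight.example.com`, the Service name `redisinsight` and port `8001` are assumptions, and all four objects are applied to the namespace where RedisInsight runs.

```yaml
# Added example: basic-auth in front of RedisInsight via Kong. Names and values are assumptions.
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: redisinsight-basic-auth
plugin: basic-auth
config:
  hide_credentials: true      # strip the Authorization header before proxying upstream
---
apiVersion: v1
kind: Secret
metadata:
  name: redisinsight-admin-cred
  labels:
    konghq.com/credential: basic-auth   # older controller releases expect a kongCredType key in the data instead
stringData:
  username: ri-admin                       # constructed login name
  password: REPLACE_WITH_STRONG_PASSWORD   # placeholder, never commit a real value
---
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: redisinsight-admin
  annotations:
    kubernetes.io/ingress.class: kong
username: redisinsight-admin
credentials:
  - redisinsight-admin-cred
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: redisinsight
  annotations:
    konghq.com/plugins: redisinsight-basic-auth   # without this annotation the route stays unauthenticated
spec:
  ingressClassName: kong
  rules:
    - host: redisinsight.example.com      # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: redisinsight        # assumed Service name
                port:
                  number: 8001            # assumed Service port
```

The plugin only guards traffic that enters through this Ingress, so the RedisInsight Service should stay ClusterIP with no NodePort or LoadBalancer path around Kong. Terminate TLS on the route as well, since basic-auth credentials are only base64-encoded on the wire.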
We have sample setups of multiple levels of proxy authentications.
If you want to add admin level password to protect from redisinsight v1, check this out – https://github.com/RedisInsight/RedisInsight-reverse-proxy
The variables you have mentioned don’t protect RedisInsight itself but the protection is at the instance level. It doesn’t allow a user to access an instance for which they don’t have a password even if the instance is added to RedisInsight. Here’s the description of RedisInsight v1 environment variables you have mentioned:
RITRUSTEDORIGINS – This makes RI reachable via the domain you are hosting.
RIAUTHPROMPT – This makes the authentication prompt available. The username and password are the same as the ones for the Redis instance for which the prompt is shown.
RIAUTHTIMER – How often the prompt is to be shown.