
I want to add a password to Redis.

I am interested if there is a way to save an encrypted password in redis.conf and not as plain text?

Or a way not to store the password in redis.conf at all?

3 Answers


  1. No, Redis doesn't support encrypted passwords for auth. You may check the details in the official documentation:

    The password is set by the system administrator in clear text inside the redis.conf file. It should be long enough to prevent brute force attacks.

    Additionally:

    The AUTH command, like every other Redis command, is sent unencrypted, so it does not protect against an attacker that has enough access to the network to perform eavesdropping.

    You may use config set requirepass yourpassword to set the password. This does not require a server restart and sets it on the fly, but when the server is restarted, your previous password (written in the conf file) or no password (if it is not set) will be used to authenticate requests.

  2. By default, redis.conf, at least until today with its most recent version – 6.0.1, still doesn't support encrypting a password.

    While this situation is not fully avoidable, at best you can automate this by writing a wrapper startup script that would accept the password as an argument and bring up the service. Then, once the service is up, ALTHOUGH THIS IS TO BE AVOIDED AND IS NOT RECOMMENDED, you can delete the conf file or change the password in that file. Before the next startup of Redis, you would need to run the startup script again or re-enter the original password. BUT THIS CAN ADDITIONALLY CAUSE PROBLEMS.

    Please note -> redis.conf can be secured by Linux/OS permissions, and that's the best way to do so.

  3. Well, while encryption is until now not an option, Redis 6 introduced ACL (Access Control List), where you can store your SHA256-hashed passwords in the redis.conf file.

    Please note that this is not encryption though!

    From redis-cli:

    acl setuser yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37
    

    From redis.conf:

    user yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37
    

    Additional note:

    You may need to disable the default user which does not have a password:

    From redis-cli:

    acl setuser default off
    

    From redis.conf:

    user default off
    
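An added example, not part of any answer above: shell helpers that build the `user ... on #<sha256>` line from the third answer without writing the cleartext into redis.conf, and check the file permissions the second answer recommends. The function names and the `appuser` name in the usage comment are assumptions, as is the availability of GNU `sha256sum` and `stat -c`.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of Redis.
# Assumes GNU coreutils (sha256sum, stat -c) and /dev/urandom.
# Usage (constructed user name): gen_password | acl_user_line appuser

# 256-bit random password as 64 hex characters. The ACL hash is a plain,
# unsalted SHA-256, so only a long random password resists offline
# guessing if the hash in redis.conf is ever read by someone else.
gen_password() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Read the password from stdin (keeps it out of argv, which other local
# users can see in the process list) and print its SHA-256 in lowercase
# hex, the form that follows '#'.
acl_hash() {
    IFS= read -r pw || true          # accept input with or without newline
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Print the redis.conf / ACL line for user $1, password on stdin.
# The line only enables the user and sets the password hash; command and
# key permissions are granted with further ACL rules.
acl_user_line() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    h=$(acl_hash) || return 1
    printf 'user %s on #%s\n' "$1" "$h"
}

# Succeed only if the config file gives no access to "other" and at most
# read access to group (for example mode 600 or 640).
conf_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        [0-7]00|[0-7]40) return 0 ;;
        *) return 1 ;;
    esac
}
```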