How to Change Redis Password

Security is a fundamental feature, especially when running an application in production. However, one of the critical parts that tend to be ignored regarding security is Redis. Even if you use Redis as a caching mechanism, it can serve as a gateway to your application if exploited.

This article will explore how secure your Redis instance is using a password. This will prevent any users without a password from running commands on your server.

Redis Set Password at Runtime

If you are looking for a simple but temporary solution to set a password for your Redis server, you can use the config set command.

Before doing so, check if the server is already secured with a password.

Login to your Redis CLI and run the command:> auth password

If the server has no password set. It should return:

(error) ERR Client sent AUTH, but no password is set

However, if the server is already secured with a password, it should return:

(error) WRONGPASS invalid username-password pair

To set a password at runtime, run the command:> CONFIG SET requirepass "super_secure_password"

Replace the super_secure_password with the password of your choice.

If the command is executed successfully, the server should respond with OK.

To test the password, run:> AUTH super_secure_password

The command above should return OK if you provide the correct password.

Redis Set Password in Config File

If you want to secure your server permanently, you can set a password in the Redis configuration file.

Edit the redis.conf file:

$ sudo nano /etc/redis/redis.conf

Locate the entry #requirepass.

This entry should be commented out by default and set to foobared

# requirepass foobared

Uncomment the line above and set your secure password.

requirepass super_secure_password

Save and close the file.

Login to your Redis CLI and run a command:> set mykey myvalue
(error) NOAUTH Authentication required.

You will notice that the server returns an error. To execute commands, you need to authenticate using the AUTH command.> AUTH super_secure_password


This tutorial covered how to secure your Redis instance using a password.

Thanks for reading!!

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list