Security is a fundamental feature, especially when running an application in production. However, one of the critical parts that tend to be ignored regarding security is Redis. Even if you use Redis as a caching mechanism, it can serve as a gateway to your application if exploited.
This article will explore how secure your Redis instance is using a password. This will prevent any users without a password from running commands on your server.
Redis Set Password at Runtime
If you are looking for a simple but temporary solution to set a password for your Redis server, you can use the config set command.
Before doing so, check if the server is already secured with a password.
Login to your Redis CLI and run the command:
If the server has no password set. It should return:
However, if the server is already secured with a password, it should return:
To set a password at runtime, run the command:
Replace the super_secure_password with the password of your choice.
If the command is executed successfully, the server should respond with OK.
To test the password, run:
OK
The command above should return OK if you provide the correct password.
Redis Set Password in Config File
If you want to secure your server permanently, you can set a password in the Redis configuration file.
Edit the redis.conf file:
Locate the entry #requirepass.
This entry should be commented out by default and set to foobared
Uncomment the line above and set your secure password.
Save and close the file.
Login to your Redis CLI and run a command:
(error) NOAUTH Authentication required.
You will notice that the server returns an error. To execute commands, you need to authenticate using the AUTH command.
OK
Conclusion
This tutorial covered how to secure your Redis instance using a password.
Thanks for reading!!
