Meetup: New Security Features in Redis 6

Redis Labs Security Product Manager Jamie Scott talked at the Redis Meetup today about “New Security Features in Redis 6 Open Source.”

Because of the coronavirus, the lecture was streamed on YouTube instead of being presented to a live audience in the Redis Mountain View office.

The new security features in Redis 6 are:

  1. ACLs – define users, passwords, and access. Errors are logged and viewable.
  2. TLS is now built in, so stunnel, etc. are no longer needed. It is available for client, cluster, and replication encryption.

Combined with Redis databases and namespaces, ACL users provide granular authentication and permissions.

Slides

James’ Comments on Compliance

From a security compliance standpoint, the new Redis security features help as follows:

  1. TLS addresses the encryption-in-transit requirement. Some stunnel users reported that it was 3x slower than patching TLS libraries into the Redis server directly, so this is a huge win, considering that many users run Redis as a high-performance cache. It also provides an alternative to paying for Enterprise or AWS ElastiCache licenses.
  2. ACL users address the requirement to not use administrative passwords and to apply least privilege.
  3. ACL users potentially address the key rotation requirement: add a new user/password, then expire the old user/password on a schedule. This avoids interrupting the caching layer during the switchover and lets you use infrastructure-as-code tools to first add the new user/password, then lazily update the application configuration to use the new credentials in the next release, and later drop the old user/password.

(Box wrote a proxy that accepted remote TLS connections, then talked to the Redis server on localhost. The proxy also managed password rotation by allowing both old and new passwords during the rotation.)
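
The rotation sequence from item 3, written out as an added example (not from the talk or from Redis): a Python script that emits the Redis 6 ACL commands for each phase. The `<app>-v<n>` user naming, the `cache:*` key pattern, and the chosen command categories are assumptions for illustration.

```python
"""Added example: three-phase Redis 6 ACL credential rotation plan."""
import hashlib
import shlex

# Assumed least-privilege rules for a cache client: only keys under cache:*,
# read/write commands, and nothing from the @dangerous category.
DEFAULT_RULES = ("~cache:*", "+@read", "+@write", "-@dangerous")


def setuser(name, password, rules=DEFAULT_RULES):
    """Build ACL SETUSER args; '#<sha256>' keeps plaintext out of IaC state."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return ["ACL", "SETUSER", name, "on", "#" + digest, *rules]


def rotation_plan(app, old_gen, new_gen, new_password):
    """Return the rotation as ordered phases of Redis commands.

    User names are '<app>-v<generation>' (a naming convention assumed here).
    """
    if new_gen <= old_gen:
        raise ValueError("new generation must be greater than the old one")
    old_user, new_user = f"{app}-v{old_gen}", f"{app}-v{new_gen}"
    return {
        # Phase 1: both users are valid, so clients on old credentials keep working.
        "add_new": [setuser(new_user, new_password), ["ACL", "LIST"]],
        # Phase 2 happens outside Redis: the next release ships the new credentials.
        "deploy_app": [],
        # Phase 3: disable the old user (new AUTH attempts fail), then delete it.
        "drop_old": [["ACL", "SETUSER", old_user, "off"],
                     ["ACL", "DELUSER", old_user]],
    }


if __name__ == "__main__":
    # The password below is a constructed sample value.
    plan = rotation_plan("cache", 1, 2, "constructed-sample-password")
    for phase, commands in plan.items():
        print(f"# {phase}")
        for cmd in commands:
            # shlex.join quotes '#...' and '~cache:*' so the line is shell-safe.
            print(shlex.join(["redis-cli", *cmd]))
```

Run `ACL LIST` after the first phase to confirm that both generations exist before the application switches over.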

mikeperham.com: Storing Data with Redis (2015)
zdnet.com: SXSW, Google I/O, Facebook F8 and more 2020 tech conference cancellations and travel bans due to coronavirus fears

Redis Labs, Inc
700 E El Camino Real #250 · Mountain View, CA