Redis Password Encryption on Java

Thanks to its speed and scalability, Redis is the in-memory data store of choice for Java developers. However, securing Redis connections, particularly when dealing with passwords for both Redis authentication and SSL/TLS certificates, presents a hurdle for developers.

To use SSL with Redis, you need passwords for the SSL truststore (which contains the trusted certificates) and the SSL keystore (which holds your server's certificate). In addition, Redis itself requires a password for authentication. Storing these passwords in plaintext is a risky practice.

The Redis security documentation doesn't offer a way to encrypt these passwords, only suggesting you use passwords "long enough to prevent brute force attacks." However, today's hackers use the massive processing power of GPUs to test millions (or even billions) of passwords per second, increasing their chances of brute forcing plaintext passwords. For a better defense, Redisson PRO offers Redis password encryption for Java developers.

Redisson PRO and Redis Password Encryption

Redisson PRO makes it easy to encrypt passwords in the Redisson configuration file. It supports three different password types in the config file, all of which can be encrypted with a separately configured secret key. The three types are:

  1. sslTruststorePassword: Password for SSL truststore used for SSL connection to Redis.
  2. sslKeystorePassword: Password for SSL keystore used for SSL connection to Redis.
  3. password: Password for Redis server authentication.

The org.redisson.config.PasswordCipher class encrypts passwords, and the secret key file may contain any characters. An encrypted password carries the {aes} prefix. The command syntax is:

java -cp redisson-all.jar org.redisson.config.PasswordCipher encode <unencrypted password> <path to secret key file>

So, a Java developer can enter this:

java -cp redisson-all.jar org.redisson.config.PasswordCipher encode pass123 secret_key.txt

And this would be the output:

{aes}M+TfpT4T6psLCfS+RHKT7Fx0j6r5wOX535G3NMnaphY=

The secret key file is defined through the secretKey setting in the Redisson config, a YAML file. This key is applied to all encrypted passwords. Here's an example config:

singleServerConfig:
  address: "rediss://127.0.0.1:6379"
  password: "{aes}M+TfpT4T6psLCfS+RHKT7Fx0j6r5wOX535G3NMnaphY="
  sslTruststore: file:truststore
  sslTruststorePassword: "{aes}31paDOrhnyPfDxXPgqyLZF8QR5yJU3U1bZfhsuM4Ruo="
secretKey: file:secret_key
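To make the encode-then-decrypt-on-load flow concrete, here is an added illustration written for this article; it is not Redisson PRO's PasswordCipher, whose internal format is not described above and may differ. The class name ConfigPasswordCipher, the SHA-256 derivation of an AES key from the secret key file's bytes, the AES-GCM value layout (IV || ciphertext || tag) behind the {aes} prefix, and the sample key material in main are all assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Illustrative config-password cipher (assumption: NOT Redisson PRO's PasswordCipher).
 * Config values are stored as "{aes}" + Base64(iv || ciphertext || GCM tag).
 */
public final class ConfigPasswordCipher {
    private static final String PREFIX = "{aes}";
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;

    private final SecretKeySpec key;

    /** Derives a 256-bit AES key from the raw bytes of the secret key file (any characters allowed). */
    public ConfigPasswordCipher(byte[] secretKeyFileContents) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(secretKeyFileContents);
        this.key = new SecretKeySpec(digest, "AES");
    }

    public static ConfigPasswordCipher fromFile(Path secretKeyFile) throws Exception {
        return new ConfigPasswordCipher(Files.readAllBytes(secretKeyFile));
    }

    /** What the "encode" command would produce: a fresh random IV per value, so equal passwords never look alike. */
    public String encode(String plaintextPassword) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plaintextPassword.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    /** What the client would do when loading the config. Values without the prefix pass through unchanged. */
    public String decode(String configValue) throws Exception {
        if (configValue == null || !configValue.startsWith(PREFIX)) {
            return configValue;
        }
        byte[] in = Base64.getDecoder().decode(configValue.substring(PREFIX.length()));
        if (in.length < IV_BYTES + TAG_BITS / 8) {
            throw new IllegalArgumentException("encrypted value too short to contain IV and tag");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        // GCM authenticates the ciphertext: a wrong key or a tampered value throws AEADBadTagException
        byte[] pt = cipher.doFinal(in, IV_BYTES, in.length - IV_BYTES);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key material standing in for the contents of secret_key.txt
        ConfigPasswordCipher cipher = new ConfigPasswordCipher(
                "example-secret-key-material".getBytes(StandardCharsets.UTF_8));
        String encoded = cipher.encode("pass123");
        System.out.println("config value: " + encoded);
        System.out.println("decoded:      " + cipher.decode(encoded));

        // Loading with a different key must fail closed instead of yielding garbage
        ConfigPasswordCipher wrongKey = new ConfigPasswordCipher(
                "some-other-key".getBytes(StandardCharsets.UTF_8));
        try {
            wrongKey.decode(encoded);
        } catch (AEADBadTagException e) {
            System.out.println("wrong key rejected: " + e.getMessage());
        }
    }
}
```

Two points carry over to any scheme of this shape, Redisson PRO's included. First, the encrypted value is only as protected as the file named by secretKey: keep it outside the repository that holds the YAML, readable only by the service account that starts the client, and rotate it (re-encoding every value) when the key may have leaked. Second, prefer an authenticated mode such as GCM so that a tampered or mis-keyed value is rejected at startup rather than silently decrypting to the wrong password and producing confusing authentication failures later.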

To learn more about Redis password encryption and other PRO features, visit the Redisson website.
