Redis Password Encryption on Java
Thanks to its speed and scalability, Redis is the in-memory data store of choice for Java developers. However, securing Redis connections, particularly when dealing with passwords for both Redis authentication and SSL/TLS certificates, presents a hurdle for developers.
To use SSL with Redis, you need passwords for the SSL truststore (which contains the trusted certificates) and the SSL keystore (which holds your server's certificate). In addition, Redis itself requires a password for authentication. Storing these passwords in plaintext is a risky practice.
The Redis security documentation doesn't offer a way to encrypt these passwords, only suggesting you use passwords "long enough to prevent brute force attacks." However, today's hackers use the massive processing power of GPUs to test millions (or even billions) of passwords per second, increasing their chances of brute forcing plaintext passwords. For a better defense, Redisson PRO offers Redis password encryption for Java developers.
Redisson PRO and Redis Password Encryption
Redisson PRO makes it easy to encrypt passwords in the Redisson configuration file. It supports t hree different password types in the config file, all of which can be encrypted with a separately-configured secret key. The three types are:
-
sslTruststorePassword
: Password for SSL truststore used for SSL connection to Redis. -
sslKeystorePassword
: Password for SSL keystore used for SSL connection to Redis. -
password
: Password for Redis server authentication.
The org.redisson.config.PasswordCipher
is used to encrypt passwords, and the secret key file may contain any characters. The encrypted password has the {aes} prefix. Here's an example syntax:
java -cp redisson-all.jar org.redisson.config.PasswordCipher encode
So, a Java developer can enter this:
java -cp redisson-all.jar org.redisson.config.PasswordCipher encode pass123 secret_key.txt
And this would be the output:
{aes}M+TfpT4T6psLCfS+RHKT7Fx0j6r5wOX535G3NMnaphY=
The secret key file is defined through the secretKey setting in the Redisson config, a YAML file. This key is applied to all encrypted passwords. Here's an example config:
singleServerConfig:
address: "rediss://127.0.0.1:6379"
password: "{aes}M+TfpT4T6psLCfS+RHKT7Fx0j6r5wOX535G3NMnaphY="
sslTruststore: file:truststore
sslTruststorePassword: "{aes}31paDOrhnyPfDxXPgqyLZF8QR5yJU3U1bZfhsuM4Ruo="
secretKey: file:secret_key
To learn more about Redis password encryption and other PRO features, visit the Redisson website.