Does Redis support Encryption at rest and in transit?

Last updated 11, Apr 2023

Question

Does Redis support Encryption at rest and in transit?

Answer

At Rest

Encryption on the disk should be taken care of by the infrastructure provider (for example, AWS). If it is AWS, it is possible to use EBS encryption at rest, or any other desired third-party encryption standards. From the Redis point of view, the encryption on disk is transparent to Redis, and shouldn't impact Redis functionalities or performance.

In Transit

Redis Enterprise supports industry-standard encryption techniques including SSL and TLS. By default, each node is configured to use self-signed certificates but it is possible to import your own certificates signed by a CA of choice. Configuring the database endpoints to use the imported certificates is possible. If desired, setting up a stunnel (secure tunnel) between clients and Redis servers is possible. Note that once SSL/TLS encryption is enabled for the database endpoint, the database will not accept non-SSL connections. It is recommended to use a connection pool when using TLS in order to optimize resources.