Skip to content

Azure Redis Cache Key

Service Name: Azure Cache for Redis

Service Description: Azure Cache for Redis is a fully managed, in-memory data store based on the Redis open-source cache. It provides high-throughput, low-latency access to data for applications, improving performance and scalability.

Service Address: https://azure.microsoft.com/en-us/products/cache

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Redis Cache instance level through Azure Firewall rules and Virtual Network service endpoints.

Secret Access Scope: Grants full access to the Redis cache instance, allowing for data storage, retrieval, and management operations.

Secret Revokement URL: https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#access-keys

Secret Example: 7PXQBWyHOoxLgIWVJxzGuQSxbg3bAzFRQG6dLN9wY9o=

Suspicious Activity Investigation Instructions:

  • Review Azure activity logs for unusual access patterns or operations on the Redis cache.
  • Check for unexpected spikes in cache usage, memory consumption, or connection counts.
  • Monitor for unauthorized IP addresses accessing the cache if firewall rules are in place.
  • Examine application logs for unexpected Redis operations or data access patterns.
  • Review Azure Monitor metrics for the Redis cache to identify anomalous behavior.

Mitigation Instructions:

  • Regenerate the Redis cache access keys in the Azure portal:
  • Navigate to the Azure portal and locate your Redis cache instance
  • Go to "Access keys" under "Settings"
  • Click "Regenerate" for the compromised key (either primary or secondary)
  • Update applications with the new key
  • Implement IP restrictions using firewall rules to limit access to trusted networks.
  • Consider implementing Virtual Network Service Endpoints for enhanced security.
  • Review and update application code to ensure proper key management and rotation practices.
  • Enable diagnostic logging for the Redis cache to monitor future access patterns.
  • Consider using Azure Key Vault to securely store and manage Redis access keys.