Redis Connection String
Service Name: Redis
Service Description: Redis is an open-source, in-memory data structure store used as a database, cache, message broker, and streaming engine. It supports various data structures such as strings, hashes, lists, sets, and more.
Service Address: https://redis.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Redis server level using firewall rules, Redis configuration (bind directive), or through Redis ACLs.
Secret Access Scope: Grants full access to the Redis database instance, allowing for data retrieval, modification, deletion, and configuration changes depending on the user permissions.
Secret Revokement URL: Does not exist (managed through Redis configuration files or management interfaces of Redis cloud providers)
Secret Example: redis://username:password@hostname:6379/0
Suspicious Activity Investigation Instructions:
-
Review Redis logs for unusual access patterns or commands
-
Check for unexpected spikes in memory usage or CPU utilization
-
Monitor for unauthorized connections from unknown IP addresses
-
Examine command history for destructive operations (FLUSHALL, DEL on critical keys)
-
Look for data exfiltration attempts through large GET operations
Mitigation Instructions:
-
Change the Redis password immediately using the CONFIG SET command:
CONFIG SET requirepass "new_password" -
Update all application configurations that use the compromised connection string
-
Implement IP-based restrictions in Redis configuration (bind to specific IPs)
-
Enable Redis ACLs for more granular access control if using Redis 6.0+
-
Consider rotating the Redis instance to a new host if possible
-
Review and potentially restore from backups if data corruption is suspected
-
Enable TLS encryption for Redis connections if not already in use
-
Implement network-level protections like firewall rules to restrict access