Skip to content

Redis Connection String

Service Name: Redis

Service Description: Redis is an open-source, in-memory data structure store used as a database, cache, message broker, and streaming engine. It supports various data structures such as strings, hashes, lists, sets, and more.

Service Address: https://redis.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Redis server level using firewall rules, Redis configuration (bind directive), or through Redis ACLs.

Secret Access Scope: Grants full access to the Redis database instance, allowing for data retrieval, modification, deletion, and configuration changes depending on the user permissions.

Secret Revokement URL: Does not exist (managed through Redis configuration files or management interfaces of Redis cloud providers)

Secret Example: redis://username:password@hostname:6379/0

Suspicious Activity Investigation Instructions:

  • Review Redis logs for unusual access patterns or commands

  • Check for unexpected spikes in memory usage or CPU utilization

  • Monitor for unauthorized connections from unknown IP addresses

  • Examine command history for destructive operations (FLUSHALL, DEL on critical keys)

  • Look for data exfiltration attempts through large GET operations

Mitigation Instructions:

  • Change the Redis password immediately using the CONFIG SET command: CONFIG SET requirepass "new_password"

  • Update all application configurations that use the compromised connection string

  • Implement IP-based restrictions in Redis configuration (bind to specific IPs)

  • Enable Redis ACLs for more granular access control if using Redis 6.0+

  • Consider rotating the Redis instance to a new host if possible

  • Review and potentially restore from backups if data corruption is suspected

  • Enable TLS encryption for Redis connections if not already in use

  • Implement network-level protections like firewall rules to restrict access