Skip to content

Redis Cloud API Key

Service Name: Redis Cloud

Service Description: Redis Cloud is a fully managed Database-as-a-Service (DBaaS) offering from Redis Labs that provides enterprise-grade Redis deployments in the cloud. It offers high availability, scalability, and performance for Redis databases with various deployment options across multiple cloud providers.

Service Address: https://redis.com/redis-enterprise-cloud/overview/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Redis Cloud's security settings.

Secret Access Scope: Redis Cloud API keys grant programmatic access to manage Redis Cloud resources, including creating, modifying, and deleting databases, viewing account information, and managing configurations.

Secret Revokement URL: https://app.redislabs.com/#/account

Secret Example: 7f1e123a-b456-7c89-d012-e34f56a7b8c9

Suspicious Activity Investigation Instructions:

  • Review Redis Cloud audit logs for unusual API calls or database access patterns

  • Check for unauthorized database creation or modification

  • Monitor for unexpected changes to database configurations or settings

  • Verify if there are any unusual access patterns from unfamiliar IP addresses

  • Review account activity for unauthorized user additions or permission changes

Mitigation Instructions:

  • Log in to your Redis Cloud account at https://app.redislabs.com/

  • Navigate to the Account settings section

  • Select the API Keys tab

  • Locate the compromised API key

  • Click the Delete button next to the key to revoke it

  • Create a new API key with appropriate permissions if needed

  • Update any applications or services using the old key with the new key

  • Consider implementing IP restrictions for the new API key

  • Review and update security policies for handling API keys