Depending on your needs, you may want to secure Reddie from unauthorized use.
Launching Reddie using the SIGNING_KEY parameter sets a password for the Reddie app.
The password is used as a request signing key, and all transactions are signed with it.
This is used to authorize the user and also to protect all communications from man-in-the-middle and replay attacks (where requests are tampered with).
For more information about SIGNING_KEY, refer to Running Reddie.
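How a shared signing key can defeat both tampering and replay, as an added example that is not Reddie's own code or wire format: it assumes an HMAC-SHA256 signature over the method, path, body hash, timestamp and a nonce. The path, field layout, 30-second window and key value are hypothetical.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window, not a Reddie setting


def sign_request(key: bytes, method: str, path: str, body: bytes,
                 timestamp: int, nonce: str) -> str:
    """HMAC-SHA256 over every field the server must be able to trust."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method, path, body_hash, str(timestamp), nonce])
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


class Verifier:
    def __init__(self, key: bytes):
        self._key = key
        self._seen = {}  # nonce -> timestamp, kept only while still fresh

    def verify(self, method, path, body, timestamp, nonce, signature, now=None):
        now = int(time.time()) if now is None else now
        expected = sign_request(self._key, method, path, body, timestamp, nonce)
        # Constant-time comparison: any change to a signed field fails here.
        if not hmac.compare_digest(expected, signature):
            return "bad-signature"
        # A validly signed but old request is rejected as stale.
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        # Nonces older than the window can be dropped: they would be stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = timestamp
        return "ok"


def demo():
    key = b"constructed-signing-key"  # constructed sample value
    v = Verifier(key)
    t0 = 1_700_000_000
    body = b'{"command": "GET", "key": "user:1"}'
    args = ("POST", "/api/command")  # hypothetical endpoint
    sig = sign_request(key, *args, body, t0, "nonce-1")
    return [
        v.verify(*args, body, t0, "nonce-1", sig, now=t0 + 1),       # first use
        v.verify(*args, body, t0, "nonce-1", sig, now=t0 + 2),       # replayed copy
        v.verify(*args, b'{"command": "FLUSHALL"}', t0, "nonce-1", sig, now=t0 + 3),
        v.verify(*args, body, t0, "nonce-1", sig, now=t0 + 3600),    # captured, sent later
    ]
```
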
All Reddie communications are always encrypted. When Reddie launches, if it is not configured with a TLS certificate, a self-signed certificate is created. While a self-signed certificate provides basic encryption, server identity cannot be guaranteed.
It is suggested to provide your own TLS certificate to Reddie. With this configuration, all communications are encrypted and you can guarantee that the server identity is valid.
For more information, refer to Running Reddie.
It is possible to mount Reddie’s file storage location to the host file system using Docker. If you do this, it is worth considering the security of the files exposed.
When connecting to Redis servers with requirepass authentication, Reddie stores the password in its file storage.
Secure this directory as appropriate given the sensitivity of the Redis server passwords.
Alternatively, you can disable password storage with the STORE_REDIS_PASSWORDS parameter.
For more information, refer to Running Reddie.
Reddie supports authentication with servers using requirepass, so feel free to set passwords on your Redis nodes.
Note: Reddie does not support differing passwords across a single cluster.