Securing Redis with ACLs?

Is it possible to add a username and/or key prefix details to the Redis details within the env file?

Would be useful if sharing a single instance of Redis across multiple applications, on multi-tenant/shared hosting etc.

Hi,

Can you please help us understand how you’re using the app?

You may want to review the app’s license:

Thanks, from my understanding of that I’m not running a SaaS so should be within the license terms?

I have the app on a server that also has 2 of my businesses promotional sites. I am currently using a single instance of Redis on both IN and these sites, but would like to restrict access to Redis by using ACLs to have better isolation between apps. Install is self hosted zip with white-label license.

IN has password, but wasn’t sure if prefix / username options are available?

@david can you please advise?

I’d look into the Redis authentication in the Laravel docs

Thanks for the help so far.

According to those docs using REDIS_USERNAME should work, but when I add this to the IN .env file I get the below error in laravel.log:

[previous exception] [object] (Predis\\Connection\\ConnectionException(code: 0): `AUTH` failed: WRONGPASS invalid username-password pair [tcp://127.0.0.1:6379] at /home/myapp/webapps/myappagain/vendor/predis/predis/src/Connection/AbstractConnection.php:144)

And can confirm the user/password is correct, tested with redis-cli, no special characters used.

I’m not sure all Redis params are available in the .env file, instead you can update the values directly in the queue config file.

Note: these values would be overwritten when updating the app.

Thanks, no chance of those params being supported by the .env file in future? It would be an easy security enhancement for users after all :slightly_smiling_face:

Sure, you’d need to either create an issue on GitHub to request or submit a pull request.
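For reference, the per-app isolation asked about in this thread could look like the following on the Redis side. This is an added example, not part of the original thread and not the app's own configuration. The usernames, key prefixes and passwords are hypothetical placeholders, and it assumes Redis 6.2 or later and that each application is configured to prefix all of its keys (for Laravel apps, the Redis `prefix` connection option).

```conf
# redis.conf fragment (constructed example): one ACL user per application.
# Each user may only touch keys and Pub/Sub channels under its own prefix.

# Disable the built-in "default" user so every client has to authenticate
# with a username and password.
user default off

# The app referred to as "IN" in this thread (hypothetical user and prefix).
#   ~in:*        key patterns this user may access
#   &in:*        Pub/Sub channel patterns this user may access
#   +@all        start from all commands ...
#   -@dangerous  ... then remove FLUSHALL, KEYS, CONFIG and similar
user app_in on >REPLACE_WITH_LONG_RANDOM_PASSWORD_1 ~in:* &in:* +@all -@dangerous

# First promotional site (hypothetical user and prefix).
user site_a on >REPLACE_WITH_LONG_RANDOM_PASSWORD_2 ~sitea:* &sitea:* +@all -@dangerous

# Second promotional site (hypothetical user and prefix).
user site_b on >REPLACE_WITH_LONG_RANDOM_PASSWORD_3 ~siteb:* &siteb:* +@all -@dangerous
```

Running `ACL LIST` from an administrative connection shows the rules that were actually loaded. If an application needs a command that `-@dangerous` removes, grant that single command back to its user rather than dropping the restriction.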