Uploaded image for project: 'Planet4'
  1. Planet4
  2. PLANET-4573

Password protect redis instances

XMLWordPrintable

    • Icon: Infra Task Infra Task
    • Resolution: Merged
    • Icon: Should have Should have
    • None
    • None
    • None

      Connections to redis pods are not secured by passwords, meaning any pod in the namespace (cluster) can read and write to other redis instance in cluster.

      • [ ] Create redis connection secret in helm chart
      • [ ] Password protect wordpress connection
      • [ ] Password protect openresty connection
      • [ ] Ensure connections from command line / helper scripts work as expected

      See: https://github.com/greenpeace/planet4-docker/blob/master/src/planet-4-151612/wordpress/wp-config.php.tmpl#L89-L93

      As per https://github.com/pantheon-systems/wp-redis/blob/master/object-cache.php#L1071 I believe the authentication parameter for `$redis_server` is 'auth' but tbc

            gmintoco Gus Minto Cowcher [X] (Inactive)
            rawalker Ray Walker (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: