Encryption in Redis Enterprise Software
Encrypt data in transit
Redis Enterprise Software uses Transport Layer Security (TLS) to encrypt communications for the following:
Cluster Manager UI
You can also enable TLS authentication for the following:
Communication from clients or applications to your database
Communication from your database to other clusters for replication using Replica Of
Communication between your database and other clusters for Active-Active synchronization
Internode encryption uses TLS to encrypt data in transit between cluster nodes.
By default, internode encryption is enabled for the control plane, which manages the cluster and databases. If you also want to encrypt replication and proxy communications between database shards on different nodes, enable data plane internode encryption.
By default, the Redis Enterprise Software API supports communication over HTTP and HTTPS. However, you can turn off HTTP support to ensure that API requests are encrypted.
Encrypt data at rest
File system encryption
To encrypt data stored on disk, use file system-based encryption capabilities available on Linux operating systems before you install Redis Enterprise Software.
Enable PEM encryption to encrypt all private keys on disk.
Encrypt data in use
Use client-side encryption to encrypt the data an application stores in a Redis database. The application decrypts the data when it retrieves it from the database.
You can add client-side encryption logic to your application or use built-in client functions.
Client-side encryption has the following limitations:
Operations that must operate on the data, such as increments, comparisons, and searches, will not function properly.
Increases management overhead.
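The following sketch of application-side encryption is an added example, not code from Redis or its client libraries. It shows what the database ends up holding and why the limitations above follow. Assumptions: AES-256-GCM as the cipher, the hypothetical helper names `Seal` and `Open`, the sample key name `visits:home`, and binding the Redis key name as associated data; the application stores the bytes returned by `Seal` with its usual client `SET` call.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Seal returns nonce||ciphertext (AES-256-GCM, fresh random nonce per call).
// The Redis key name is bound as associated data (an assumption of this example).
func Seal(dek []byte, redisKey string, value []byte) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, value, []byte(redisKey)), nil
}

// Open reverses Seal; it fails if the blob was modified or moved to another key.
func Open(dek []byte, redisKey string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(redisKey))
}

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	dek := make([]byte, 32) // constructed all-zero demo key; load a real key from a key manager
	blob, _ := Seal(dek, "visits:home", []byte("41"))
	pt, err := Open(dek, "visits:home", blob)
	fmt.Printf("stored %d opaque bytes, decrypted %q, err=%v\n", len(blob), pt, err)
}
```

Two `Seal` calls on the same value return different bytes, and the stored blob is not an integer, so equality lookups and server-side increments on the encrypted field no longer work. Key storage and rotation stay with the application, which is the management overhead noted above.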