TL;DR – I’m in the process of researching how to do a least privileges deployment of Redis into a production environment which you’ll find as an Oystr “living document” at http://oystr.co/#/christomich/MyMemorySucks-Maps/Deploying-and-Securing-Redis-in-Production
For the last few weeks I’ve been working on a new project of mine called Oystr. Even though I have been a C# and .NET developer in the commercial space for the last 12 years, I thought that with Oystr I might start developing it with NodeJS / AngularJS on top of Ubuntu. Now while that may seem like a pretty crazy 180 degree turn, in my early days as a high school teenager (some 15 – 20 years ago) I actually had quite an interest in developing with C++ on Slackware Linux and messed around with kernel development and driver development (breaking more things than I fixed).
As part of this new venture, I also decided to start using NoSQL databases like MongoDB and Redis to store the issue maps / mind maps for Oystr. It’s actually kind of nice to take a break from SQL and use different kinds of data stores. Thing is though, as I have been an architect and consultant on many enterprise projects, when I started to deploy these databases I immediately started to have anxiety around the question of “how do I deploy these in a least privileges model?!?!”.
I have to say, I was a little disappointed that when I did do a search for “redis least privileges deployment” I didn’t get as much back as I wanted to. Also I was a little concerned when I read in the security section of the Redis site “Redis is designed to be accessed by trusted clients inside trusted environments.” – the little security infrastructure guy in me was screaming at this point. Anyway, I thought I’d start mapping out in Oystr my research on the topic and so I’ve decided to share. Hopefully others will find this useful and if you do have anything to add, please tweet me at @christomich82 because I would be happy to add it into the map. You’ll find my research map at http://oystr.co/#/christomich/MyMemorySucks-Maps/Deploying-and-Securing-Redis-in-Production. It’s a living document so it’s still a work in progress but hopefully it’ll become a fairly useful resource as I add more into it. Below is a snapshot of one of the maps I’ve created breaking down the components of the configuration file.