Currently, our Docker Compose setup includes Redis as a Dapr backend for e.g. pub-sub. Redis is not configured to require a password, since it is a localhost deployment. This issue aims to track add Redis authentication support to ensure secure communication between Dapr and Redis.
Expected Behavior
Dapr should authenticate with Redis using a confidentially accessed credential specified in our Docker Compose setup. This will prevent unauthorized access and ensure that only our services can interact with Redis.
Current Behavior
Dapr connects to Redis without authentication, which could potentially expose Redis to unauthorized access.
Possible Solution
Add credential generation for Redis, like for the other infra components
Modify the Dapr configuration to include Redis credentials
Steps to Reproduce
Launch the Docker Compose setup
Observe that Dapr components connect to Redis without requiring authentication, or
Connect with e.g. Redis Insight to redis without specifying a secret
Description
Currently, our Docker Compose setup includes Redis as a Dapr backend for e.g. pub-sub. Redis is not configured to require a password, since it is a localhost deployment. This issue aims to track add Redis authentication support to ensure secure communication between Dapr and Redis.
Expected Behavior
Dapr should authenticate with Redis using a confidentially accessed credential specified in our Docker Compose setup. This will prevent unauthorized access and ensure that only our services can interact with Redis.
Current Behavior
Dapr connects to Redis without authentication, which could potentially expose Redis to unauthorized access.
Possible Solution
Steps to Reproduce