After installing the Redis server, our next task is to set up the authentication. In this article we are discussing- how to set a password for the default user in Redis.
The default user name for Redis is “default“. The basic steps of authentication will work for the “default” user.
To create new users and set passwords for those users, we need to use the Access Control List(ACL) of Redis. Using ACL we can set complex permissions for the user. ACL is available for Redis version 6 and later.
In this article, we are discussing how to set the password for the “default” Redis user. Let’s check step-by-step.
Method #1: Using redis-cli [Temporary]
Setting a password using the method will be reset when the Redis server is restarted. So, do not use this in production.
This is useful for a quick setup and checking.
First, connect to Redis server by using the “redis-cli“-
Password for the “default” user is set in the configuration named “requirepass“. Let’s check what is the default value for that configuration. Use the command “CONFIG GET requirepass” for that-
127.0.0.1:6379> CONFIG GET requirepass 1) "requirepass" 2) ""
We can see the value of “requirepass” is an empty string. This means we can use the Redis server without authentication.
To set the password for the “default” user, use the command “CONFIG SET“. In the following command, we are setting the password “bigboxpass” for the default user-
127.0.0.1:6379> CONFIG SET requirepass bigboxpass OK
This command returned “OK“, which means the password is set properly.
Now if we exit the terminal or exit the “redis-cli“, and then connect again.
Try to get some keys, by using the “GET” command-
127.0.0.1:6379> get somekey (error) NOAUTH Authentication required.
An error is returned “NOAUTH“. So, now we can not access Redis keys without authentication.
Authenticate Default User
Let’s perform the authentication. For authentication, we use the “AUTH” command. The format of the command usage is “AUTH your_password_here”. As we have set the password “bigboxpass“, so the following command will work-
127.0.0.1:6379> AUTH bigboxpass OK 127.0.0.1:6379> get somekey "bigboxcode.com"
On authentication, we got “OK“, which means authentication is done successfully. And now we are able to access data from Redis.
Check Default User Password
Let’s check the value of “requirepass” config now.
127.0.0.1:6379> CONFIG GET requirepass 1) "requirepass" 2) "bigboxpass"
We can see the correct password is returned as the value of the command “CONFIG GET“.
Use of Wrong Password
Let’s check using a wrong password-
127.0.0.1:6379> AUTH somewrongpassword (error) WRONGPASS invalid username-password pair or user is disabled.
An auth fail error is returned as expected.
To disable password authentication of the “default” user, we can set the value of “requirepass” config to blank/empty string(“”), like below-
127.0.0.1:6379> config set requirepass "" OK
After running this command, we don’t need to authenticate using a password.
Method #2: Using redis.conf [Permanent Solution]
As discussed in the previous section we saw the password is saved in the config “requirepass”. In this method we will change the “requirepass” permanently.
The config of “requirepass” is saved in the “redis.conf” file. Let’s open the config file. We are opening in vim editor, you can open it in your preferred editor.
sudo vim /etc/redis/redis.conf
Then we have to look for the section “requirepass …..”. It will look like the below, the line is commented, and has some comment above it.
# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility # layer on top of the new ACL system. The option effect will be just setting # the password for the default user. Clients will still authenticate using # AUTH <password> as usually, or more explicitly with AUTH default <password> # if they follow the new protocol: both will work. # # The requirepass is not compatible with aclfile option and the ACL LOAD # command, these will cause requirepass to be ignored. # # requirepass foobared
In our Ubuntu server Redis config file, we found the configuration at line 1036
We have to uncomment(by removing the ‘#’ sign from the start of the line) the line “requirepass …..” and put our password after the “requirepass”. Here we have set the password “bigboxpass”.
# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility # layer on top of the new ACL system. The option effect will be just setting # the password for the default user. Clients will still authenticate using # AUTH <password> as usually, or more explicitly with AUTH default <password> # if they follow the new protocol: both will work. # # The requirepass is not compatible with aclfile option and the ACL LOAD # command, these will cause requirepass to be ignored. # requirepass bigboxpass
Restart Redis service, to activate the password change.
sudo service redis-server restart
Connect to Redis CLI using the following command-
Now we can use the “AUTH” command like below-
127.0.0.1:6379> AUTH bigboxpass OK
Or we can connect using a password directly from the Redis CLI, using the following command –
redis-cli -h 127.0.0.1 -p 6379 -a bigboxpass
The -a argument/flag for passing the password.