docassemble icon indicating copy to clipboard operation
docassemble copied to clipboard

Published 20 hours ago verified publisher icon jhpyle

Add support for SSL to redis

Open waterfoul opened this issue 3 years ago • 1 comments

Currently you cannot encrypt the redis connection due to the connection string parser not supporting rediss:// protocol nor a ssl=true flag

https://docs.objectrocket.com/redis_python_examples.html#connecting-with-ssl

waterfoul avatar Mar 04 '22 21:03 waterfoul

The latest version has support for this. I tested it with Elasticache for Redis with "encryption in transit" turned on.

CONTAINERROLE=web:celery:cron:rabbitmq:log:sql:mail
REDIS=rediss://:[email protected]

I verified that redis-cli couldn't talk to the Redis server without --tls. I didn't test using my own certificates (it didn't seem to be something that Elasticache for Redis supported). The docassemble code does allow for that if you put files with the right names in the certificates directory. https://docassemble.org/docs/config.html#redis The above configuration resulted in a working Redis connection initiated with ssl=True, so I guess that means it works?

Anyway, let me know if you have any issues getting this to work.

jhpyle avatar Mar 14 '22 15:03 jhpyle

I am closing this for now but please reopen if you have any issues. Thanks for the issue - it is good to have this new capability.

jhpyle avatar Aug 13 '22 14:08 jhpyle