Skip to main content

Redis Server Password



  • Documentation:
  • Summary: Redis is a distributed in-memory key-value database. This detector aims at catching Redis passwords leaked in CLI. Typically the password is the one used when setting up the server with the redis-server command.
  • IPs allowlist: IP allowlisting can and should be implemented on the server hosting the Redis instance. Refer to this security documentation for more details.
  • Scopes: By default Redis does not implement Access Control. Yet, an authorization layer can be set when configuring Redis. Since Redis 6, a real Access Control List can be set to attribute different scopes to different users. Before this, a single password gave full access to the database. See this ACL documentation for more details on the topic.

Revoke the secret

Redis supports the DELUSER command to both delete the specified users and terminate all their connections.

Check for suspicious activity

Suspicious activity can be detected by auditing Redis log files.

Details for Redis server password cli

  • Family: Database

  • Category: Data storage

  • Company: Redis

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.36

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
- redis-server
- type: ContentWhitelistPreValidator
- --requirepass


- text: |
image: redis:alpine
restart: always
command: /bin/sh -c "redis-server --requirepass ltr6qpi@55"
password: ltr6qpi@55

How can I help you ?