
TLS encryption in Redis

Introduction

TLS encryption keeps data safe when it moves between your computer and the Redis server. It stops others from seeing or changing your data.

Use TLS in these situations:
When you connect to a Redis server over the internet and want to keep your data private.
When your Redis server holds sensitive information like passwords or personal details.
When you want to follow security rules that require encrypted connections.
When multiple users access Redis and you want to protect their data from being intercepted.
Syntax
Redis
redis-server --tls-port 6379 \
  --port 0 \
  --tls-cert-file /path/to/server.crt \
  --tls-key-file /path/to/server.key \
  --tls-ca-cert-file /path/to/ca.crt

Use --tls-port to enable TLS on a specific port.

Set --port 0 to disable non-TLS connections for better security.

Examples
This starts Redis with TLS enabled on port 6380 and disables the normal port.
Redis
redis-server --tls-port 6380 --port 0 --tls-cert-file server.crt --tls-key-file server.key --tls-ca-cert-file ca.crt
This connects to a Redis server using TLS with client certificates for authentication.
Redis
redis-cli -h myredis.example.com -p 6380 --tls --cert client.crt --key client.key --cacert ca.crt
Sample Program

This example shows how to start Redis with TLS and connect securely using redis-cli. Then it sets and gets a value.

Redis
# Start Redis server with TLS enabled
redis-server --tls-port 6379 --port 0 --tls-cert-file /etc/redis/server.crt --tls-key-file /etc/redis/server.key --tls-ca-cert-file /etc/redis/ca.crt

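# Connect to Redis server using TLS.
# Redis requires a client certificate by default (tls-auth-clients yes),
# so pass --cert and --key; the client file paths here are examples.
redis-cli -p 6379 --tls --cert /etc/redis/client.crt --key /etc/redis/client.key --cacert /etc/redis/ca.crt

# Run simple commands at the redis-cli prompt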
SET greeting "Hello, TLS!"
GET greeting
Important Notes

Make sure your certificate files are valid and trusted by both server and client.

Disabling the non-TLS port (--port 0) helps prevent accidental unencrypted connections.

Redis 6.0 and later support TLS natively.
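
The notes above can be checked mechanically. This added example (not part of the original page or of Redis itself) audits a redis.conf-style file for the settings discussed here; the function names conf_get and audit_redis_tls are hypothetical, the sample config is constructed, and tls-auth-clients and tls-ca-cert-dir are Redis directives that the page does not show.

```shell
#!/bin/sh
# Added example, not from the original page: audit the TLS directives in a
# redis.conf-style file (config-file form of the redis-server flags above).

# conf_get FILE DIRECTIVE: print the last value set for DIRECTIVE, or nothing.
conf_get() {
  awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# audit_redis_tls FILE: print one finding per line; return 1 if any is a FAIL.
audit_redis_tls() {
  conf=$1; rc=0
  port=$(conf_get "$conf" port)
  tls_port=$(conf_get "$conf" tls-port)
  auth=$(conf_get "$conf" tls-auth-clients)
  ca=$(conf_get "$conf" tls-ca-cert-file)$(conf_get "$conf" tls-ca-cert-dir)
  # Redis listens in plaintext on 6379 unless "port 0" is set explicitly.
  if [ "${port:-6379}" != "0" ]; then
    echo "FAIL plaintext port ${port:-6379} is open; set port 0"; rc=1
  fi
  if [ "${tls_port:-0}" = "0" ]; then
    echo "FAIL tls-port is not set; the TLS listener is disabled"; rc=1
  fi
  for d in tls-cert-file tls-key-file; do
    if [ -z "$(conf_get "$conf" "$d")" ]; then
      echo "FAIL $d is missing"; rc=1
    fi
  done
  # tls-auth-clients defaults to yes: clients must present a certificate,
  # which the server can only verify against a configured CA.
  if [ "${auth:-yes}" != "yes" ]; then
    echo "WARN tls-auth-clients is '$auth'; client certificates are not required"
  elif [ -z "$ca" ]; then
    echo "FAIL no tls-ca-cert-file or tls-ca-cert-dir to verify client certificates"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "PASS no failing checks"; fi
  return "$rc"
}

# Constructed sample: TLS is enabled but the plaintext listener was left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tls-port 6380
tls-cert-file /etc/redis/server.crt
tls-key-file /etc/redis/server.key
tls-ca-cert-file /etc/redis/ca.crt
EOF
audit_redis_tls "$sample" || true
rm -f "$sample"
```

The non-zero return status on any FAIL lets the function gate a deployment script or CI job.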

Summary

TLS encryption protects data sent between Redis clients and servers.

Enable TLS by configuring Redis server with certificates and using --tls-port.

Use redis-cli --tls to connect securely to a TLS-enabled Redis server.