Secure Redis Cluster: Adding Password Authentication and Automated Node Management
This guide explains why the official Redis Cluster tools lack password support, outlines the security risks of an unauthenticated cluster, and introduces a custom management utility that adds password authentication, automates slot migration, and simplifies adding or removing nodes, complete with step‑by‑step testing procedures.
Background
Redis clustering is widely used (Codis, the official Redis Cluster), but the official tools do not support password authentication, which creates serious security concerns.
Problems without password
Data can be modified by anyone.
Anyone can execute FLUSHALL and erase data.
Data is exposed in plain sight.
The cluster is open to attack, and its logs become noisy.
Why password authentication is needed
Administrators run into several difficulties: the official redis-trib.rb does not support passwords, nodes must be added and removed manually, shard tools cannot be used, and overall management is cumbersome.
Solution: Custom Redis‑Cluster Management Tool
The author provides a tool that wraps the original Redis‑Cluster add/remove node functions and adds password support. It also automatically migrates slots when masters fail, assigns slots to new nodes, and balances slots among masters.
Redis Cluster Overview
Data shared among multiple Redis nodes.
Provides availability via partitioning.
Uses sharding with 16384 hash slots, allowing up to 16384 instances.
Automatic node discovery and failover without manual intervention.
Slave‑to‑master election and automatic fault tolerance.
Decentralized gossip protocol for peer‑to‑peer communication.
Horizontal scalability.
Integrates Sentinel‑like monitoring and automatic failover.
The official Ruby tool (redis-trib.rb) does not support passwords.
Cluster Commands Reference
Images illustrate cluster, node, and key commands (see the original figures).
Environment Preparation
Download the tool from the provided repository (see image).
Install required system dependencies (see image).
On two machines, create Redis instances on ports 7000‑7002 and start them.
Configure the necessary Redis configuration files (see image).
Testing the Tool
1. Manual Migration
Display cluster info, assign slots, move slots from one node to another, list keys, migrate keys, and retrieve key values, verifying that the cluster operates correctly.
2. Automatic Migration
The tool automatically moves slots 8193‑8999 from node 218:7000 to 205:7000, updates the cluster state, and confirms success with CLUSTER INFO output.
3. Adding/Removing Nodes
Demonstrates adding a new node, adding a slave, replicating, deleting a slave, promoting a slave to master, and checking cluster status after each operation.
4. Setting Password
Shows how to configure password authentication for the entire cluster.
5. Fault Injection
Simulates a master node failure, triggers automatic resharding, and verifies cluster health and slot distribution.
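Steps 4 and 5 meet at one configuration detail: once requirepass is set, every node also needs a matching masterauth, or a node that becomes a replica after a failover cannot resync with its master. The following audit of redis.conf text is an added example, not part of the author's tool; the sample configs, the password and the function names are constructed for illustration.

```python
# Constructed sample configs for instances on ports 7000-7002 (as in the guide).
# The password value and the gaps in 7001/7002 are invented for illustration.
SAMPLE_CONFIGS = {
    "7000": 'port 7000\ncluster-enabled yes\nrequirepass "S3cret-Example"\nmasterauth "S3cret-Example"\n',
    "7001": 'port 7001\ncluster-enabled yes\nrequirepass "S3cret-Example"\n# masterauth not set\n',
    "7002": "port 7002\ncluster-enabled yes\nprotected-mode no\n",
}

def parse_conf(text):
    """Return {directive: value} from redis.conf text (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # redis.conf allows quoted values; strip one pair of matching quotes
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        conf[parts[0].lower()] = value
    return conf

def audit_cluster(configs):
    """Return a sorted list of (node, finding) for auth gaps across nodes."""
    parsed = {node: parse_conf(text) for node, text in configs.items()}
    passwords = {c["requirepass"] for c in parsed.values() if c.get("requirepass")}
    findings = []
    for node, c in parsed.items():
        req, mauth = c.get("requirepass"), c.get("masterauth")
        if not req:
            findings.append((node, "requirepass missing: unauthenticated commands accepted"))
        if passwords and not mauth:
            # Peers require a password, so this node cannot replicate from them
            findings.append((node, "masterauth missing: cannot sync as a replica"))
        elif req and mauth and mauth != req:
            findings.append((node, "masterauth differs from requirepass"))
        if c.get("protected-mode", "yes") == "no" and not req:
            findings.append((node, "protected-mode off with no password"))
    if len(passwords) > 1:
        findings.append(("cluster", "nodes use different requirepass values"))
    return sorted(findings)

if __name__ == "__main__":
    for node, finding in audit_cluster(SAMPLE_CONFIGS):
        print(f"{node}: {finding}")
```
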
Conclusion
The custom tool resolves the lack of password support in Redis‑Cluster, simplifies node management, and provides automated slot migration, making the cluster more secure and easier to operate.
dbaplus Community
