Hybrid setup, redis security

Are there any docs on the hybrid footprint, in regards to how access to redis is secured?

Do slaves live on-prem alongside the on-prem gateways? Is access/communication between the gateway nodes and redis secured in any way (such as w/ AUTH), or transport encryption?

For local slaves, that talk to a redis master (@ tyk?) how is that secured?

Just concerned about any sensitive data stored in redis, such as murmur3 hashed keys, where those keys contain potential PII data etc. (hashed yes, but if accessed susceptible to rainbow table attack etc?)

A hybrid deployment consists of:

  • The hybrid gateway docker container
  • A local redis DB

If there is more than one hybrid, you need to connect all hybrids to the same redis.

Hybrid can connect to our back end via tls.

Since our cloud does not record detailed logs, there’s no PII stored (no payloads).

If you are using local JS middleware then those tokens you create will never trickle up to our cloud, they stay local to your redis.

There are subtle differences between hybrid and On-Prem, so it's worth trialing first. Let me know if you want access and we’ll put you in touch with one of our account team.

If there are N hybrid gateways, each pointing to their own redis, I would assume all the redis nodes are talking to one another to keep keys in sync, and possibly synced up to a master that you guys run? How is that secured? i.e. is AUTH on etc?

I understand about the logs, which is fine, but I’m referring to the actual key data within Redis, and the configuration of those nodes. Are they using AOF logs, or snapshots (throwing that state to disk) etc

Each gateway should not have its own redis DB, redis doesn’t cluster like that, that’s not how redis works. For each gateway cluster you need a redis DB, not for each gateway.

The redis DB security is up to you, since it’s in your infrastructure.

They do not sync back except for analytics, which use hashed values (and no payloads), so we don’t store secure data on your behalf.

Connection to the hybrid back end is via TLS and API key.
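
Added example (not part of the thread and not Tyk's code): since the local Redis is yours to secure, this sketch audits a `redis.conf` for the three things asked about above, namely AUTH, transport encryption, and AOF/snapshot persistence. The sample config and the finding codes are constructed for illustration, and only directives written explicitly in the file are checked.

```python
import shlex

# Constructed sample redis.conf (not from the thread) for a locally run Redis.
SAMPLE_CONF = '''
port 6379
save 900 1
appendonly yes
'''

def parse_conf(text):
    """Map each directive to the list of argument lists it appears with."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf.setdefault(name.lower(), []).append(args)
    return conf

def last(conf, name, default=""):
    """First argument of the last occurrence of a directive."""
    seen = conf.get(name)
    return seen[-1][0] if seen and seen[-1] else default

def audit(text):
    """Return finding codes for AUTH, transport encryption and persistence."""
    conf = parse_conf(text)
    findings = []
    if not last(conf, "requirepass") and "aclfile" not in conf:
        findings.append("no-auth")            # clients connect without AUTH
    if last(conf, "tls-port", "0") == "0":
        findings.append("no-tls")             # traffic is plaintext
    elif last(conf, "port", "6379") != "0":
        findings.append("plaintext-port-open")  # TLS on, plain port still up
    save_points = []
    for args in conf.get("save", []):
        save_points = [] if args in ([], [""]) else save_points + [args]
    if save_points:
        findings.append("rdb-on-disk")        # snapshots write keys to disk
    if last(conf, "appendonly", "no").lower() == "yes":
        findings.append("aof-on-disk")        # AOF log writes keys to disk
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(code)
```

The persistence findings matter because hashed keys written to RDB or AOF files are only as protected as the disk and backups that hold them.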