Configuring a Redis Password
For security purposes, DCS provides password-protected instances. In addition, Redis can be accessed without a password. Use an instance access mode as required.
For a DCS instance that is used on the live network or contains important information, you are advised to set a password.
- To modify an instance password, see Changing an Instance Password.
- To change the access mode (password-protected or password-free), or to reset the password, see Resetting an Instance Password.
Suggestions for Password Security
- Hide the password when using redis-cli.
If the -a <password> option is used in redis-cli in Linux, the password is prone to leakage because it is logged and kept in the history. You are advised not to use -a <password> when running commands in redis-cli. After connecting to Redis, run the auth command to complete authentication. For example:
$ redis-cli -h 192.168.0.148 -p 6379 redis 192.168.0.148:6379>auth yourPassword OK redis 192.168.0.148:6379>
- Use interactive password authentication or switch between users with different permissions.
If the script involves DCS instance access, use interactive password authentication. To enable automatic script execution, manage the script as another user and authorize execution using sudo.
- Use an encryption module in your application to encrypt the password.
Notes and Constraints
- The instance must be in the Running state.
- Access the instance on a client using the latest password. Changing the password does not interrupt existing connections and the latest password is required upon a new connection.
- Only required for password-protected instances. For password-free ones, you can set a password by referring to Resetting an Instance Password.
- For security purposes, password-free access must be disabled when public access is enabled.
Changing an Instance Password
- Log in to the management console, and choose Application > Distributed Cache Service in the service list.
- Click
in the upper left corner of the console and select the region where your instance is located.
- In the navigation pane, choose Cache Manager.
- Choose More > Change Password in the row containing the chosen instance.
- The Change Password dialog box is displayed. Enter the old and new password, and confirm it.
After 5 consecutive incorrect password attempts, the account for accessing the chosen DCS instance will be locked for 5 minutes. Passwords cannot be changed during the lockout period. You can continue other operations.
The password must meet the following requirements:- Cannot be left blank.
- Cannot be the same as the old password.
- Can be 8 to 64 characters long.
- Contain at least three of the following character types:
- Lowercase letters
- Uppercase letters
- Digits
- Special characters (`~!@#$^&*()-_=+\|{},<.>/?)
- In the Change Password dialog box, click OK to confirm the password change.
The new password takes effect immediately on the server without requiring a restart.
Resetting an Instance Password
- Log in to the management console, and choose Application > Distributed Cache Service in the service list.
- Click
in the upper left corner of the console and select the region where your instance is located.
- In the navigation pane, choose Cache Manager.
- To change the password setting for a DCS Redis instance, choose More > Reset Password in the Operation column in the row containing the chosen instance.
- In the Reset Password dialogue box, perform either of the following operations as required:
- Change password-protected access to password-free access.
Switch the toggle for Password-Free Access and click OK.
Disabling password protection may compromise security. You can set a password later by password resetting.
- Change password-free access to password-protected access or reset the password.
Enter a password, confirm the password, and click OK. Resetting passwords takes effect immediately without server restart.
The system will display a success message only after the password is successfully reset on all nodes. If the reset fails, the instance will restart and the old password of the instance is still being used.
The password must meet the following requirements:- Cannot be left blank.
- Cannot be the same as the old password.
- Can be 8 to 64 characters long.
- Contain at least three of the following character types:
- Lowercase letters
- Uppercase letters
- Digits
- Special characters (`~!@#$^&*()-_=+\|{},<.>/?)
- Change password-protected access to password-free access.
Related Document
To modify or reset a password by calling an API, see Changing the Password and Resetting a Password.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.