So I find myself needing to use redis-cli to modify the keys on a running Redis instance to deal with a few Sidekiq issues. And, much to my surprise, I can’t simply connect to it and make changes because I keep getting Error: Connection reset by peer errors. A bit of a deep dive taught me this:
- Our redis instance is encrypted both at rest and in transit
- The way to do this is to connect to it via stunnel which builds a secure tunnel
- You have to supply the password on the command line to redis-cli; this surprised me because it leaves the password in the shell history and that’s fscking awful for security; grumble, grumble, grumble
Here are some references that I followed:
Here are the steps I followed:
- I started by installing stunnnel.
- I continued by building a mapping for stunnel to the redis server I wanted to mess with. This required getting the redis server url from our application’s settings.
- Start the tunnel
- Verify that the tunnel is running.
- I connected to redis-cli passing the -a password option.
I was able to then verify that redis-cli works correctly by doing a simple set / get:
set a “hello” get a
And this positioned me for being able to run a redis-cli keys command. Of course the keys routine I needed to run was error full but that’s another story …