Enable users in YEDIS

• YSQL
• YCQL
• YEDIS

YEDIS authentication is based on passwords. Each client connecting using the YEDIS API should provide a valid password in order to execute any command successfully.

NOTE: YEDIS implements a password-only authentication scheme. From the Redis security docs page ("Authentication feature" section), the open source version of Redis does not try to implement authentication, providing a small layer of authentication that can optionally be enabled in the redis.conf file.

1. Enable YEDIS authentication

You can enable password-based authentication in YEDIS API using the CONFIG command.

To do so, connect to the cluster using redis-cli and run the following command:

127.0.0.1:6379> CONFIG SET requirepass "password"

"OK"

2. Connect with redis-cli

Next exit redis-cli, connect to the cluster again using redis-cli and run the PING command (or any other command).

127.0.0.1:6379> PING

(error) NOAUTH PING: Authentication required.

You would need to authenticate the client (redis-cli in this case) by running the AUTH command:

127.0.0.1:6379> AUTH password

"OK"

Subsequently, running any command would succeed:

127.0.0.1:6379> PING

PONG

3. Changing authentication credentials

YEDIS allows for multiple passwords (up to 2) to be accepted. This enables performing a graceful change of password without experiencing any application outage. Note that this requires knowing the old password.

Let us assume that the old password is old-password and the new password you intend to change it to is new-password. The preferred sequence is:

• Add a new password

127.0.0.1:6379> CONFIG SET requirepass "old-password,new-password"

This enables connecting to the database using both passwords.

• Change password used by the application tier

This would involve changing the config or pushing an updated binary to the application tier so that it now connects using new-password.

• Drop old password

127.0.0.1:6379> CONFIG SET requirepass "new-password"