The username + password auth in redis has a few downsides:
- Password rotation is very tricky b/c only one password can be "active" at any given time. When coupled with the fact that each node manages its own auth independently, this can cause issues during password rotations.
- Since each node manages its own auth independently, integration with Vault is very tricky.
- Usernames and passwords are fairly difficult to debug. Unlike certs, they do not care metadata about issue and expiration time.
As a result, we are changing the standard auth paradigm to use x.509 certificates.
The username + password auth in redis has a few downsides:
As a result, we are changing the standard auth paradigm to use x.509 certificates.