Authentication with Redis Sentinel

[Dmitry Shmulevich]

I'm trying to better understand Redis Sentinel authentication.

Would appreciate it if someone could clarify.

Per Redis Sentinel documentation,

"You can also configure the Sentinel instance itself in order to require client authentication via the AUTH command, however this feature is only available starting with Redis 5.0.1.

In order to do so, just add the following configuration directive to all your Sentinel instances: requirepass <your_password_here?"

My questions:

1. Does Redis Sentinel password have to be identical to that of the master?

2. Would password-protected Sentinel nodes work with master that does not require authentication? I realize that this scenario might not make much sense, but I'm just wondering if this use case is supported.

[Greg Andrews]

Sentinel runs as different processes than the Redis datastore/database processes, and Sentinel reads different configuration files.

So the answer to your questions:

1. Does Redis Sentinel password have to be identical to that of the master?  No.
2. Would password-protected Sentinel nodes work with master that does not require authentication?  It should, though I can't say I've ever tried that myself.

You have to consider that clients talking to Sentinel are getting information about which IP/port is the master and which IPs/ports are the slaves.  If the clients aren't required to give a password to read/write the data in Redis, should they be required to give a password to learn the IPs/ports to reach Redis?  What makes the knowledge of which IPs/ports Redis is on more secret than the data in Redis?