Redis SSL Support [#556]

CHANGELOG.md

@@ -22,7 +22,7 @@ The types of changes are:
 ### Added
 * Subject Request Details page [#563](https://github.com/ethyca/fidesops/pull/563)
 * Restart Graph from Failure [#578](https://github.com/ethyca/fidesops/pull/578)
-
+* Redis SSL Support [#611](https://github.com/ethyca/fidesops/pull/611)
 
 ## [1.5.2](https://github.com/ethyca/fidesops/compare/1.5.1...1.5.2)
 

docs/fidesops/docs/deployment.md

@@ -47,6 +47,9 @@ As with the PostgreSQL deployment, setting up a production-grade Redis cache is
 | `FIDESOPS__REDIS__HOST` | redis.internal | hostname for your Redis server |
 | `FIDESOPS__REDIS__PORT` | 6379 | port for your Redis server |
 | `FIDESOPS__REDIS__PASSWORD` | fidesopssecret | password `fidesops` should use to access Redis |
+| `FIDESOPS__REDIS__SSL` | true |  Whether we should enable Redis SSL |
+| `FIDESOPS__REDIS__SSL_CERT_REQS` | required | Hostname verification. If SSL is true, the default is that it is required. |
+
 
 ## Step 3: Setup fidesops Web Server
 

fidesops.toml

@@ -1,4 +1,4 @@
-PORT=8080
+PORT = 8080
 
 [database]
 SERVER = "db"
@@ -16,6 +16,8 @@ CHARSET = "utf8"
 DEFAULT_TTL_SECONDS = 604800
 DB_INDEX = 0
 ENABLED = true
+SSL = false
+SSL_CERT_REQS = "required"
 
 [security]
 APP_ENCRYPTION_KEY = "OLMkv91j8DHiDAULnK5Lxx3kSCov30b3"

src/fidesops/core/config.py

@@ -131,6 +131,8 @@ class RedisSettings(FidesSettings):
     DEFAULT_TTL_SECONDS: int = 604800
     DB_INDEX: int
     ENABLED: bool = True
+    SSL: bool = False
+    SSL_CERT_REQS: Optional[str] = "required"
 
     class Config:
         env_prefix = "FIDESOPS__REDIS__"

src/fidesops/util/cache.py

@@ -101,6 +101,8 @@ def get_cache() -> FidesopsRedis:
             port=config.redis.PORT,
             db=config.redis.DB_INDEX,
             password=config.redis.PASSWORD,
+            ssl=config.redis.SSL,
+            ssl_cert_reqs=config.redis.SSL_CERT_REQS,
         )
 
     connected = _connection.ping()