{
  "id": "encryption",
  "title": "Encryption in Redis Enterprise Software",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/security/encryption/",
  "summary": "Encryption in Redis Enterprise Software.",
  "content": "\nRedis Enterprise Software uses encryption to secure communications between clusters, nodes, databases, and clients and to protect [data in transit](https://en.wikipedia.org/wiki/Data_in_transit), [at rest](https://en.wikipedia.org/wiki/Data_at_rest), and [in use](https://en.wikipedia.org/wiki/Data_in_use).\n\n## Encrypt data in transit\n\n### TLS\n\nRedis Enterprise Software uses [Transport Layer Security (TLS)]() to encrypt communications for the following:\n\n- Cluster Manager UI\n\n- Command-line utilities\n\n- REST API\n\n- Internode communication\n\nYou can also [enable TLS authentication]() for the following:\n\n- Communication from clients or applications to your database\n\n- Communication from your database to other clusters for replication using [Replica Of]()\n\n- Communication to and from your database to other clusters for [Active-Active]() synchronization\n\n### Internode encryption\n\n[Internode encryption]() uses TLS to encrypt data in transit between cluster nodes.\n\nBy default, internode encryption is enabled for the control plane, which manages the cluster and databases. If you also want to encrypt replication and proxy communications between database shards on different nodes, [enable data internode encryption]().\n\n### Require HTTPS for REST API endpoints\n\nBy default, the Redis Enterprise Software API supports communication over HTTP and HTTPS. However, you can [turn off HTTP support]() to ensure that API requests are encrypted.\n\n## Encrypt data at rest\n\n### File system encryption\n\nTo encrypt data stored on disk, use file system-based encryption capabilities available on Linux operating systems before you install Redis Enterprise Software.\n\n### Private key encryption\n\nEnable PEM encryption to [encrypt all private keys]() on disk.\n\n## Encrypt data in use\n\n### Client-side encryption\n\nUse client-side encryption to encrypt the data an application stores in a Redis database. The application decrypts the data when it retrieves it from the database.\n\nYou can add client-side encryption logic to your application or use built-in client functions.\n\nClient-side encryption has the following limitations:\n\n- Operations that must operate on the data, such as increments, comparisons, and searches will not function properly.\n\n- Increases management overhead.\n\n- Reduces performance.\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "children": [{"id":"tls","summary":"An overview of Transport Layer Security (TLS).","title":"Transport Layer Security (TLS)","url":"https://redis.io/docs/latest/operate/rs/7.8/security/encryption/tls/"},{"id":"internode-encryption","summary":"Describes internode encryption which improves the security of data in transit.","title":"Internode encryption","url":"https://redis.io/docs/latest/operate/rs/7.8/security/encryption/internode-encryption/"},{"id":"pem-encryption","summary":"Enable PEM encryption to encrypt all private keys on disk.","title":"Encrypt private keys","url":"https://redis.io/docs/latest/operate/rs/7.8/security/encryption/pem-encryption/"}]
}