Easily Encrypt Data in Redis with Peacemakr

Jon McLachlan
2 min readFeb 23, 2020
Photo by Joshua Aragon on Unsplash

Peacemakr introduces one simple idea: doing the right thing (encrypting your data) should be easy and fast. Peacemakr integrated the E2E-Encryption-as-a-Service directly into go-redis to protect the data before it enters the cache. Under the hood, Peacemakr uses E2E-Encryption, key lifecycle management, on-prem key ownership, and cryptoagility to protect data in Redis seamlessly.

No setup required. Their free tier provides real and lasting value.

As an example of how easy it is, just set up anEncryptingClient:

enc, err := redis.NewEncryptingClient(&redis.EncryptingClientOptions{
Options: &redis.Options{
Addr: ":6379",
DialTimeout: 10 * time.Second,
ReadTimeout: 30 * time.Second,
WriteTimeout: 30 * time.Second,
PoolSize: 10,
PoolTimeout: 30 * time.Second,
},
PeacemakrApiKey: "<your Peacemakr API key goes here>", // If you're testing locally, you can leave this empty
PeacemakrClientName: "<short name to describe your app>", // this will show up in logs on the device only
PeacemakrPersister: utils.GetDiskPersister("/tmp"), // or utils.GetInMemPersister()
})
if err != nil {
// handle err
}

And that’s pretty much it. All you have to do now is use your newfound powers to keep your data safe in Redis like so:

err := enc.EncryptSet("key", "super secret information", 10*time.Second).Err()
if err != nil {
// handle err
}val, err := enc.DecryptGet("key").Result()
if err != nil {
// handle err
}
fmt.Printf("%s", val)
// Output: super secret information

Congratulations! All done. Easy. And yes, all other Peacemakr integrated clients will be able to interact with the protected data. It’s time to pat yourself on the back for working hard to protect your most important asset: your data.

--

--

Jon McLachlan

Founder of YSecurity. Ex-Apple, Ex-Robinhood, Ex-PureStorage. Lives in Oakland. Athlete.