Add option to enable use of TLS for connection to Redis #672

@rogu-beta

Describe the bug
Currently PurlDB does not use TLS when connecting to Redis and does not offer an option to enable it. This is an issue when attempting to deploy PurlDB with Redis hosted on a separate system (e.g. a cloud deployment with ElastiCache), unlike the default docker-compose deployment.

The root cause is that PurlDB uses django-rq, which disables TLS by default unless specific options are passed.

As can be seen in the following lines, only HOST, PORT, PASSWORD, and DEFAULT_TIMEOUT are being set by PurlDB:

    RQ_QUEUES = {
        "default": {
            "HOST": env.str("PURLDB_REDIS_HOST", default="localhost"),
            "PORT": env.str("PURLDB_REDIS_PORT", default="6379"),
            "PASSWORD": env.str("PURLDB_REDIS_PASSWORD", default=""),
            "DEFAULT_TIMEOUT": env.int("PURLDB_REDIS_DEFAULT_TIMEOUT", default=360),
        }
    }

Without either SSL set to True or URL set to contain rediss:// (two s!), it will not use TLS:
https://github.com/rq/django-rq/blob/cd05d2f427e6bd54ce91f78549f05884fa96753e/django_rq/queues.py#L137

Patches for this have already been added to DejaCode and ScanCode.io:

To Reproduce
See above.

Expected behavior
PurlDB should provide an option to enable TLS for the Redis connection in order to protect the confidentiality and integrity of the data transmitted between the systems.

Screenshots
Not applicable

Context (OS, Browser, Device, etc.):
Not applicable
