We’d very much like to be able to store PHI in Redis for a few reasons:
- We have an http request cache using redis right now that, since it caches all requests, may contain PII.
- We use sentry.io. To replace that we could use a sentry container image, but that uses redis. Sentry, by virtue of getting a lot of unknown errors and exceptions /w attached data, may occasionally get a bit of PII.
- We want to switch to using something like sidekiq or resque for background jobs, both of which run on redis. Our background jobs may occasionally contain PII.
Unfortunately, PII needs to be encrypted in transit. Redis does not, by itself, support using SSL to talk to it- you have to put some other (like Spiped) in front of it. Aptible’s provided redis-type database is just a black box to us, so we have no ability to put Spiped onto it.
We could spin up our own redis container, but then we have no way to do secure persistence (since aptible only provides encrypted databases, not encrypted filesystems).
So, I guess what I’m wondering is: has anyone else found a good way to deal with putting PII in redis using persistence?