by jchw 2646 days ago
Yeah exactly; which is why ideally, the container or box running Redis:

- Has practically nothing other than Redis on it.

- Has Redis running with minimal permissions and capabilities.

- Has no ability to make outgoing connections.

Which I'd say is vital security practice for anything running in production.

Few people will bother with TLS and you can see that based on the fact that I don't think cloud providers generally support it, but I personally did do this with stunnel at one time. Apparently Redis now recommends spiped, which looks good to me.
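An added example, not part of the comment above: one way to check the second and third properties in the list (minimal permissions and capabilities, no outgoing connections), assuming Redis runs in a Docker container. The container data, the network name `redis_backend` and the `audit` function are constructed for illustration; the field names are those of `docker inspect` and `docker network inspect` output.

```python
# Constructed samples: trimmed `docker inspect` output for two hypothetical containers.
HARDENED = {
    "Config": {"User": "999:999"},
    "HostConfig": {"Privileged": False, "CapDrop": ["ALL"], "CapAdd": None},
    "NetworkSettings": {"Networks": {"redis_backend": {}}},
}
WEAK = {
    "Config": {"User": ""},
    "HostConfig": {"Privileged": False, "CapDrop": None, "CapAdd": ["NET_ADMIN"]},
    "NetworkSettings": {"Networks": {"bridge": {}}},
}
# Constructed: the "Internal" flag from `docker network inspect`, keyed by network name.
NETWORKS = {"redis_backend": {"Internal": True}, "bridge": {"Internal": False}}


def audit(container, networks):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    host = container.get("HostConfig") or {}
    user = ((container.get("Config") or {}).get("User") or "").split(":")[0]

    # Minimal permissions: a non-root user and no --privileged.
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")

    # Minimal capabilities: everything dropped, nothing added back.
    if "ALL" not in {c.upper() for c in host.get("CapDrop") or []}:
        findings.append("CapDrop does not include ALL")
    for cap in host.get("CapAdd") or []:
        findings.append(f"CapAdd grants {cap}")

    # No outgoing connections: every attached network must be internal.
    # "none" has no interfaces; a network missing from the map is treated as open.
    attached = (container.get("NetworkSettings") or {}).get("Networks") or {}
    for name in attached:
        if name != "none" and not networks.get(name, {}).get("Internal"):
            findings.append(f"network {name} is not internal (egress possible)")
    return findings


if __name__ == "__main__":
    for label, c in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(c, NETWORKS) or "ok")
```

An internal Docker network blocks routing to the outside, but containers attached to the same internal network can still reach each other.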