Redis

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Database

system_type: "redis"

QuantaSeal encrypts all Redis cached values with AES-256-GCM using a per-tenant encryption key.

Overview#

Redis support is built into QuantaSeal's core caching layer. All values written to Redis are encrypted with AES-256-GCM using the tenant's redis_encryption_key before storage. This means your cache is quantum-safe by default without any application changes. For custom Redis integrations through the proxy, the redis adapter handles direct command proxying.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1A Redis instance (Redis 6+ recommended)
2Redis connection URL or host/port with authentication
3A QuantaSeal API key

Configuration#

Follow these steps to connect Redis to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
Seal your Redis URL: POST /api/v2/vault/seal with credential_type: database_dsn and values: {dsn: 'redis://:password@host:6379/0'}.
2
Create integration with system_type: redis.

Authentication Types#

Seal the Redis connection URL (redis://[:password@]host:port/db or rediss:// for TLS) as database_dsn credential type.

DB DSN

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`get`	Get a value by key (returned encrypted in envelope).
`set`	Set a key-value pair (value encrypted before write).
`del`	Delete one or more keys.
`expire`	Set TTL on a key.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_REDIS001","operation":"set","payload":{"key":"user:12345:profile","value":{"email":"alice@acme.com","tier":"pro"},"ttl":3600}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

NOAUTH Authentication required

Your Redis instance requires a password. Include it in the connection URL: redis://:yourpassword@host:6379/0.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference