diff --git a/.env.sample b/.env.sample index debab80..d39bd3c 100644 --- a/.env.sample +++ b/.env.sample @@ -41,6 +41,7 @@ USE_RACK_ATTACK=1 SECRET_DEVISE_SECRET_VERSION=v1 #length=64 SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64 SECRET_DB_PASSWORD_VERSION=v1 +SECRET_REDIS_PASSWORD_VERSION=v1 # Send catch up email (missed yesterday) weekly # EMAIL_CATCH_UP_WEEKLY=1 diff --git a/abra.sh b/abra.sh index 47f3c79..7b55083 100644 --- a/abra.sh +++ b/abra.sh @@ -1,4 +1,5 @@ export LOOMIO_ENTRYPOINT_VERSION=v5 +export REDIS_ENTRYPOINT_VERSION=v1 # cannot be integrated into entrypoint.sh as it requires the operator to create a user first function make_last_user_admin() diff --git a/compose.yml b/compose.yml index b8305bc..e0b3f44 100644 --- a/compose.yml +++ b/compose.yml @@ -7,7 +7,8 @@ x-db-env: &db-env POSTGRES_USER: postgres x-redis-env: &redis-env - REDIS_URL: redis://redis:6379 + REDIS_PASSWORD_FILE: /run/secrets/redis_password + REDIS_URL: redis://:{REDIS_PASSWORD}@redis:6379 x-environment: &default-env <<: *db-env @@ -43,6 +44,7 @@ services: - devise_secret - secret_cookie_token - db_password + - redis_password volumes: - loomio_uploads:/loomio/public/system - loomio_storage:/loomio/storage @@ -84,6 +86,7 @@ services: - devise_secret - secret_cookie_token - db_password + - redis_password networks: - backend environment: @@ -116,11 +119,19 @@ services: backupbot.restore: "true" backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump' redis: - image: redis:5.0 + image: redis:7.4 networks: - backend + command: /bin/sh -c "redis-server redis.conf --loglevel debug" healthcheck: test: ["CMD", "redis-cli", "ping"] + secrets: + - redis_password + configs: + - source: entrypoint_redis + target: /entrypoint.sh + mode: 0555 + entrypoint: /entrypoint.sh #mailin: # image: loomio/mailin-docker:latest # networks: 
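Review bot: In the `x-redis-env` hunk of compose.yml, `{REDIS_PASSWORD}` in `REDIS_URL: redis://:{REDIS_PASSWORD}@redis:6379` is not compose interpolation, so every service that merges `*redis-env` receives the braces literally. Something inside each container has to read `REDIS_PASSWORD_FILE` and substitute the value before the app connects. The diff as shown does not touch `entrypoint.sh`, and `LOOMIO_ENTRYPOINT_VERSION` stays at `v5`, so please confirm the existing entrypoint already does this, including for the service in the `-135,6 +146,8` hunk, which gets the secret and the same env. If it does, a comment such as `# {REDIS_PASSWORD} is filled in by entrypoint.sh from REDIS_PASSWORD_FILE` would make the contract visible. The secret should also be generated URL-safe (e.g. hex) or percent-encoded on substitution, because characters like `@`, `:` or `/` would change how the URL is parsed.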
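Review bot: Setting `entrypoint: /entrypoint.sh` on the `redis` service replaces the image's own entrypoint, and `command:` is then only passed to the new script as arguments. As far as I know, the stock entrypoint of the official image is what switches from root to the `redis` user before starting the server. It is worth confirming that redis-server does not end up running as root, for example by adding `user: redis` to the service or having the script chain to the image's `docker-entrypoint.sh`. `--loglevel debug` looks like a leftover from testing; `notice` is the server default and is the better level for a deployed stack. The unchanged healthcheck `redis-cli ping` does not authenticate, so once `requirepass` is set it presumably only shows that the server answers, not that authentication works.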
@@ -135,6 +146,8 @@ services: - backend depends_on: - redis + secrets: + - redis_password environment: <<: *redis-env cron: @@ -149,6 +162,7 @@ services: - devise_secret - secret_cookie_token - db_password + - redis_password volumes: - loomio_uploads:/loomio/public/system - loomio_storage:/loomio/storage @@ -184,6 +198,9 @@ configs: entrypoint: name: ${STACK_NAME}_entrypoint_${LOOMIO_ENTRYPOINT_VERSION} file: entrypoint.sh + entrypoint_redis: + name: ${STACK_NAME}_entrypoint_redis_${REDIS_ENTRYPOINT_VERSION} + file: entrypoint.redis.sh secrets: devise_secret: @@ -195,3 +212,6 @@ secrets: db_password: external: true name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} + redis_password: + external: true + name: ${STACK_NAME}_redis_password_${SECRET_REDIS_PASSWORD_VERSION} diff --git a/entrypoint.redis.sh b/entrypoint.redis.sh new file mode 100644 index 0000000..8a88390 --- /dev/null +++ b/entrypoint.redis.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +set -e + +echo "creating redis.conf..." +echo "requirepass $(cat /run/secrets/redis_password)" > redis.conf +echo "redis.conf created" \ No newline at end of file
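Review bot: entrypoint.redis.sh ends after writing redis.conf and never runs its arguments, so the `command:` that compose.yml passes to it is not executed and the container would exit instead of starting Redis. The script should finish with `exec "$@"`. The password file is also created with the default umask in the working directory, so it is likely readable by other users in the container. Because `$(cat ...)` sits inside an argument to `echo`, `set -e` does not stop the script when the secret cannot be read. The fence shows the script with those changes; it assumes the secret contains no whitespace, since `requirepass` takes a single argument.

```shell
# … unchanged: shebang, set -e …
umask 077  # redis.conf holds the password; keep it owner-only

secret_file=/run/secrets/redis_password
[ -s "$secret_file" ] || { echo "missing or empty $secret_file" >&2; exit 1; }
# A plain assignment lets set -e abort if the read fails.
password=$(cat "$secret_file")

# … unchanged: "creating redis.conf..." message …
printf 'requirepass %s\n' "$password" > redis.conf
# … unchanged: "redis.conf created" message …

# Hand off to the arguments from compose `command:` so the server replaces this shell.
exec "$@"
```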