Add option to encrypt redis password (#302)

diff --git a/Dockerfile b/Dockerfile
index 9962c92..124e2e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@
 # install dependencies
 RUN apk --update add \
     gcc tar libtool zlib jemalloc jemalloc-dev perl \
-    ca-certificates wget make musl-dev openssl-dev pcre-dev g++ zlib-dev curl python \
+    ca-certificates wget make musl-dev openssl-dev openssl pcre-dev g++ zlib-dev curl python \
     perl-test-longstring perl-list-moreutils perl-http-message geoip-dev dumb-init jq \
     && update-ca-certificates \
     && rm -rf /var/cache/apk/*
diff --git a/Makefile b/Makefile
index 8411007..d4eee3b 100644
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@
 	docker run --rm --name="apigateway" -p 80:80 -p ${PUBLIC_MANAGEDURL_PORT}:8080 -p 9000:9000 \
 		-e PUBLIC_MANAGEDURL_HOST=${PUBLIC_MANAGEDURL_HOST} -e PUBLIC_MANAGEDURL_PORT=${PUBLIC_MANAGEDURL_PORT} \
 		-e REDIS_HOST=${REDIS_HOST} -e REDIS_PORT=${REDIS_PORT} -e REDIS_PASS=${REDIS_PASS} \
+		-e DECRYPT_REDIS_PASS=${DECRYPT_REDIS_PASS} -e ENCRYPTION_KEY=${ENCRYPTION_KEY} -e ENCRYPTION_IV=${ENCRYPTION_IV} \
 		-e TOKEN_GOOGLE_URL=https://www.googleapis.com/oauth2/v3/tokeninfo \
 	 	-e TOKEN_FACEBOOK_URL=https://graph.facebook.com/debug_token \
 		-e TOKEN_GITHUB_URL=https://api.github.com/user \
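Review bot: The added `-e ENCRYPTION_KEY=${ENCRYPTION_KEY} -e ENCRYPTION_IV=${ENCRYPTION_IV}` expands the key and IV into the `docker run` command line, so make echoes them to the terminal or CI log (the visible recipe line has no `@` prefix) and they appear in the host's process list while the container runs. Passing the names only, `-e ENCRYPTION_KEY -e ENCRYPTION_IV`, lets docker take the values from the calling environment without printing them, provided the variables are exported to the recipe. The ciphertext, key and IV still all land in the same container environment, so this protects the password only from someone who sees `REDIS_PASS` alone; a short comment saying so next to the line would set expectations. The target's rule header is outside the hunk.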
diff --git a/README.md b/README.md
index 7b77729..ae8fbf6 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,11 @@
             openwhisk/apigateway:latest
 ```
 
+(Optional) The redis password can be passed in encrypted using the `aes-256-cbc` encryption algorithm. To do so, pass in the following environment variables, in addition to the encrypted password:
+- `DECRYPT_REDIS_PASS=true`
+- `ENCRYPTION_KEY=<32 Byte hex string that was used for encryption>`
+- `ENCRYPTION_IV=<16 Byte hex string that was used for encryption>`
+
 ## API
 - [v2 Management Interface](https://github.com/openwhisk/openwhisk-apigateway/blob/master/doc/v2/management_interface_v2.md)
 - [v1 Management Interface](https://github.com/openwhisk/openwhisk-apigateway/blob/master/doc/v1/management_interface_v1.md)
diff --git a/api-gateway.conf b/api-gateway.conf
index 0486fd1..64da494 100644
--- a/api-gateway.conf
+++ b/api-gateway.conf
@@ -43,6 +43,9 @@
 env TOKEN_FACEBOOK_URL;
 env TOKEN_GITHUB_URL;
 
+env ENCRYPTION_KEY;
+env ENCRYPTION_IV;
+
 
 events {
     use epoll;
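Review bot: The two added `env ENCRYPTION_KEY;` and `env ENCRYPTION_IV;` directives keep the key material in the environment of the nginx worker processes, yet the only decryption visible in this commit runs in init.sh before nginx needs the password. If no gateway code reads these variables (none is visible in this diff), drop both lines so the key stays confined to the init script. If something does read them, add a comment naming the consumer, for example `# read by <module> to decrypt REDIS_PASS`.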
diff --git a/init.sh b/init.sh
index 4c4cd35..c68fe96 100755
--- a/init.sh
+++ b/init.sh
@@ -21,6 +21,10 @@
 marathon_host=${MARATHON_HOST}
 redis_host=${REDIS_HOST}
 redis_port=${REDIS_PORT}
+if [ "${DECRYPT_REDIS_PASS}" == "true" ]; then
+    export REDIS_PASS=$(printf "${REDIS_PASS}\n" | openssl enc -d -K ${ENCRYPTION_KEY} -iv ${ENCRYPTION_IV} -aes-256-cbc -base64)
+fi
+
 sleep_duration=${MARATHON_POLL_INTERVAL:-5}
 # location for a remote /etc/api-gateway folder.
 # i.e s3://api-gateway-config
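Review bot: A failed decryption on the added `export REDIS_PASS=$(...)` line goes unnoticed, because `export` returns 0 whatever openssl returns, so a wrong key, IV or ciphertext leaves `REDIS_PASS` empty and the script carries on. The same line uses the password as the printf format string and leaves `${ENCRYPTION_KEY}` and `${ENCRYPTION_IV}` unquoted, so an unset value shifts openssl's arguments. The version below decrypts into a temporary variable, exits on failure and quotes the expansions; it also uses `=` because the script's shebang is outside the hunk and `==` is not POSIX `[`. Separately, `-K` still puts the key on openssl's command line, where it is briefly visible in the process list, and CBC without a MAC will not reliably detect a tampered ciphertext.

```shell
redis_port=${REDIS_PORT}
if [ "${DECRYPT_REDIS_PASS}" = "true" ]; then
    # Fail closed: a bad key, IV or ciphertext must not leave REDIS_PASS empty.
    if ! decrypted_pass=$(printf '%s\n' "${REDIS_PASS}" \
        | openssl enc -d -aes-256-cbc -base64 -K "${ENCRYPTION_KEY}" -iv "${ENCRYPTION_IV}"); then
        echo "init.sh: could not decrypt REDIS_PASS" >&2
        exit 1
    fi
    export REDIS_PASS="${decrypted_pass}"
fi
# … unchanged: sleep_duration and remote config settings …
```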