We generally don't recommend using TLS to secure your connection. Why?
Memcache is normally only used when performance is important and so
low latency is critical. This means we expect your MemCachier cache
and your application that accesses it runs in the same datacenter, for
example the Amazon EC2
us-east-1 datacenter. All your traffic are
running over, and only over, the internal datacenter network. This is
a highly secure network that can't be sniffed on or
tampered with. For example, your web application is probably speaking
HTTPS, but the HTTPS connection is very likely terminated at a load
balancer, and then unsecured HTTP used to talk between the load
balancer and your application.
It is possible to connect to MemCachier using TLS encrypted sockets. While no existing clients support TLS connections natively, we provide a buildpack for Heroku customers that proxies the connection to MemCachier and wraps it in a TLS connection. This can be useful for the extra paranoid among us, or to securely access your cache from outside the datacenter.
The buildpack installs and sets up stunnel on localhost listening on port 11211. It configures stunnel to connect to the MemCachier servers specified in your environment variable and to verify certificates as signed by the MemCachier Root CA.
Use the buildpack in conjunction with another buildpack that actually runs your app, using Heroku's multiple buildpack feature:
$ heroku buildpacks:add https://github.com/memcachier/memcachier-tls-buildpack.git
Finally, configure your app to connect to
localhost:11211 instead of
MEMCACHIER_SERVERS environment variable, but, leave your
MEMCACHIER_SERVERS environment variable unchanged as the TLS
buildpack uses it to connect to MemCachier.