
time4tea, yesterday at 5:29 PM (1 reply)

Private key material should not be kept in the clear anywhere, ideally. This includes on your dev machine, serialised in a store, in the heap of your process, anywhere. Of course, it depends on your threat environment, but the article did mention PCI-DSS. If you put it in Redis, then anyone that has access (internal baddies exist too!) can steal the key and sign something. It's hard to repudiate that.


Replies

flumpcakes, yesterday at 7:05 PM

How far do you go, how do you use the private key to sign something if you can't keep it anywhere?

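One answer to that question, as an added Go example that is not from either commenter: the private key lives only inside a signing agent that exposes a sign operation and an audit trail, while the shared store (a map standing in for Redis here) only ever receives the public key. The agent type, the store key name `signing-pubkey` and the caller names are assumptions for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// SigningAgent keeps the private key in its own memory and only ever hands out
// signatures. The field is unexported so no caller can read or serialise it.
type SigningAgent struct {
	priv  ed25519.PrivateKey
	Audit []string // who requested which signature, for later attribution
}

func NewSigningAgent() (*SigningAgent, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningAgent{priv: priv}, nil
}

// Sign records the requesting caller, then signs. Callers never see priv.
func (a *SigningAgent) Sign(caller string, payload []byte) []byte {
	a.Audit = append(a.Audit, fmt.Sprintf("%s signed %q", caller, payload))
	return ed25519.Sign(a.priv, payload)
}

// PublishPublicKey writes only the public half into the shared store (a map
// standing in for Redis); the store never holds private key material.
func PublishPublicKey(store map[string]string, a *SigningAgent) {
	pub := a.priv.Public().(ed25519.PublicKey)
	store["signing-pubkey"] = hex.EncodeToString(pub)
}

// VerifyFromStore validates a signature using only what the shared store holds;
// a missing or malformed public key simply fails verification.
func VerifyFromStore(store map[string]string, payload, sig []byte) bool {
	raw, err := hex.DecodeString(store["signing-pubkey"])
	return err == nil && len(raw) == ed25519.PublicKeySize &&
		ed25519.Verify(ed25519.PublicKey(raw), payload, sig)
}

func main() {
	store := map[string]string{}
	agent, _ := NewSigningAgent()
	PublishPublicKey(store, agent)
	sig := agent.Sign("billing-svc", []byte("invoice-42"))
	fmt.Println("valid:", VerifyFromStore(store, []byte("invoice-42"), sig), agent.Audit)
}
```

In a real deployment the agent boundary is a separate process or an HSM/KMS, not a Go type, but the shape is the same: the key never crosses it, only requests and signatures do.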