Caches

External caches may be defined and used with the orchestrator to enable high availability. Presently only the app centric defined OIDC Provider supports their use.

Caches configuration options

ℹ️
Redis 6.0 or greater must be used.

Name

name defines how the cache is identified.

Type

type specifies which backend system the cache will use for storage, and determines the cache configuration options. Currently only caches of type redis are supported.

Encryption

encryption is the configuration block which defines the keys used for encrypting and decrypting the cache data. By default, the cache assumes that encryption will be used.

Disabled

disabled is a boolean flag which can be set to true to disable encrypting the cache data.

Keys

keys is the configuration block which defines the actively used encryption keys. The keys must be 32 bytes in hexadecimal format. They can be created using openssl like: openssl rand -hex 32.

Current

current defines the key which is actively being used to encrypt data to
the cache.

Old

old defines an array of keys which were previously used in current, they allow non-current keys to still decrypt data from the cache which may have been encrypted while they were current.

Hashing

hashing is the configuration block used for controlling if certain data is hashed before being added to the cache. Presently, only hashing of the keys is done, and it is turned on by default.

Keys

keys is the configuration block for configuring if keys are hashed or not.

Disabled

disabled is an optional boolean flag which can be set to true to disable hashing the cache key. This can be useful for debugging.

Redis cache configuration options

Addresses

addresses a list of host:port addresses of cluster nodes.

TLS

tls is the name of the TLS configuration to use. Refer to the documentation about transport security to learn more.

Username

username is the username used to authenticate used to authenticate against Redis. The username must be generated via access control list (ACL) in Redis.

Password

password the user password used to authenticate against Redis. The password must be generated via access control list (ACL) in Redis.

Example Redis cache configuration

caches:
  - name: maverics-redis-cache
    type: redis
    redis:
      tls: redis-ca
      addresses:
        - redis1.example.com:6379
      username: redis-username
      password: <cache-redis-password>
    encryption:
      keys:
        current: '{{ env.CACHE_REDIS_ENCRYPTION_KEY_CURRENT }}'
        old:
          - '{{ env.CACHE_REDIS_ENCRYPTION_KEY_2022 }}'
          - '{{ env.CACHE_REDIS_ENCRYPTION_KEY_2021 }}'