caches[] top-level key. It provides distributed token caching and data storage across multiple Orchestrator nodes. Connectors and providers reference named caches for shared state (e.g., oidcProvider.cache: my-redis, samlProvider.cache: my-redis).
Redis caching is supported for production use. It is the recommended approach for sharing connector tokens and provider data across multiple Orchestrator instances.
Console terminology: In the Maverics Console, Orchestrator instances and configuration delivery are managed through Deployments. When working directly with YAML, configuration is managed as files delivered via the -config flag or MAVERICS_CONFIG environment variable.
Overview
When a Redis cache is configured, the Orchestrator stores connector tokens, OIDC authorization codes, SAML request data, and other cacheable data in Redis rather than in local memory. This enables multiple Orchestrator instances to share cached data, which is essential for multi-node deployments.
Redis is used for caching, not for session storage directly. Session store types are local and cluster, configured under session.store. See Sessions for session store configuration.
Use Cases
- Multi-node token sharing — share cached connector tokens and OIDC provider data across multiple Orchestrator instances behind a load balancer
- OIDC/SAML provider cache — store authorization codes and SAML request data in Redis for distributed provider deployments
- Key rotation — rotate encryption and hashing keys without downtime using the oldkey arrays
Configuration
Console UI documentation is coming soon. This section will walk you
through configuring this component using the Maverics Console’s visual
interface, including step-by-step screenshots and field descriptions.
Configuration Reference
Redis Cache Fields
| Key | Type | Default | Required | Description |
|---|---|---|---|---|
| caches[].name | string | — | Yes | Unique cache name |
| caches[].type | string | — | Yes | Cache type: "redis" |
| caches[].redis.addresses | array | — | Yes | Redis server addresses (at least one required) |
| caches[].redis.username | string | — | No | Redis username for authentication |
| caches[].redis.password | string | — | No | Redis password (use secret reference syntax, e.g., <vault.redis_password>) |
| caches[].redis.tls | string | — | No | TLS profile name for the Redis connection (references a named profile under tls) |
Cache options (encryption, hashing, key prefix) apply to all cache types and are documented on the Caches overview page.
Example
Troubleshooting
- Connection refused — verify Redis is accessible from the Orchestrator host. Check that the address and port are correct and that firewalls allow the connection.
- Authentication errors — confirm the username and password are correct. If using a secret reference, ensure the secret provider is configured and the secret resolves.
- TLS handshake failures — for Redis with TLS, ensure the named TLS profile includes the correct CA certificate. Verify the Redis server’s certificate is trusted.
- Encryption key errors — check that the encryption key secret reference resolves correctly. The key must be exactly 64 hex characters (32 bytes AES-256).
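A pre-deployment check for the field table and the troubleshooting items above, as an added example (not part of the Maverics documentation or tooling). It assumes each caches[] entry has already been parsed from YAML into a dict and that the encryption key has been resolved to a string. The function names, sample host, username, and TLS profile name are constructed, and treating a missing tls profile as a finding is this example's policy, since the table lists tls as optional.

```python
import re

# Secret reference syntax as shown in the field table, e.g. <vault.redis_password>.
SECRET_REF = re.compile(r"<[^<>\s]+>")
# Encryption key format from the troubleshooting list: exactly 64 hex characters.
HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")


def lint_cache(cache):
    """Return findings for one caches[] entry (the YAML entry parsed into a dict)."""
    findings = []
    if not cache.get("name"):
        findings.append("name: required")
    if cache.get("type") != "redis":
        findings.append('type: expected "redis"')
    redis = cache.get("redis") or {}
    addresses = redis.get("addresses")
    if not isinstance(addresses, list) or not addresses:
        findings.append("redis.addresses: at least one address is required")
    password = redis.get("password")
    if password is not None and not SECRET_REF.fullmatch(str(password)):
        findings.append("redis.password: literal value, use a secret reference")
    # Policy of this example, not of the product: the table lists tls as optional.
    if not redis.get("tls"):
        findings.append("redis.tls: no TLS profile named")
    return findings


def dangling_refs(caches, referenced):
    """Names that connectors/providers reference but no caches[] entry defines."""
    defined = {c.get("name") for c in caches}
    return sorted(set(referenced) - defined)


def key_is_valid(resolved_key):
    """True only for exactly 64 hex characters; a trailing newline fails."""
    return HEX_KEY.fullmatch(resolved_key) is not None


# Constructed sample data, mirroring the documented keys.
GOOD = {"name": "my-redis", "type": "redis",
        "redis": {"addresses": ["redis.example.com:6379"], "username": "maverics",
                  "password": "<vault.redis_password>", "tls": "redis-tls"}}
BAD = {"name": "my-redis", "type": "redis",
       "redis": {"addresses": [], "password": "hunter2"}}

if __name__ == "__main__":
    for label, cache in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_cache(cache) or "ok")
    print("dangling:", dangling_refs([GOOD], ["my-redis", "my-rediss"]))
    print("key ok:", key_is_valid("ab" * 32), key_is_valid("ab" * 32 + "\n"))
```

The key check uses a full match so that a secret stored with a trailing newline is rejected here, before it surfaces as an encryption key error at startup.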