External caches may be defined and used with the Orchestrator to enable high availability.
To define a Redis Cache
Orchestrator only supports Redis 6.0 or greater.
Go to Deployments, create or open an existing deployment, scroll to the Cache section and click Add.
Name
Defines how the cache is identified. The name is used when referencing the cache in OIDC or SAML provider settings.
Disable Prefix
Disable the feature-specific prefix typically prepended to cache keys. This should be enabled when using Service Extensions to read and write data in a cache where the data is not owned by the Orchestrator. When disabled (default), cache keys are prefixed with the feature namespace (e.g., /app/oidc:abc123). When enabled, keys are stored without the prefix (e.g., abc123).
Notice
When the prefix is disabled, you must also disable Encryption and the Hashing Keys. This is required when reading data from a shared cache, because the data written by the external system doesn't use the same key hashing or data encryption.
Using the Cache from a Service Extension
In a Service Extension, get the cache by the Name you provided in the config and use the cache APIs for retrieving and setting data.
// Get the cache by the name you set in the config (e.g., "shared-redis").
cache, err := api.Cache("", cache.WithName("shared-redis"))
if err != nil {
	logger.Error("se", "unable to retrieve cache", "error", err.Error())
	return nil, err
}

// Get the raw data from the cache using the unique key.
data, err := cache.GetBytes(context.Background(), "my-unique-key")
if err != nil {
	logger.Error("se", "unable to read key from cache", "error", err.Error())
	return nil, err
}

// At this point, you'll typically unmarshal the data to a struct using JSON or whatever encoding your external
// system used when writing to the cache.
Redis
Address
A list of Redis host and port addresses in the format host:port (for example, localhost:6379 or redis1.example.com:6379). Multiple addresses can be entered to define cluster nodes.
Redis Cache Username
Optional. The username used to authenticate against Redis. The username must be created via an Access Control List (ACL) in Redis.
Cache Password
Optional. The password used to authenticate against Redis. The password must also be generated via an ACL in Redis.
CA Path
Optional. The file path to the Certificate Authority (CA) file. Use this when connecting to Redis instances that use self-signed certificates.
Encryption
Defines the keys used for encrypting and decrypting cache data. By default, encryption is enabled for all cache data.
Disable Encryption
When enabled, encryption for cache data is turned off. Use this only when connecting to a shared cache where encryption is handled externally.
Current Key
Defines the encryption key currently being used to encrypt cache data. Keys must be 32 bytes in hexadecimal format (for example, 44ff1207fcab4c621a3d8d52cd13b55041fa744c900af17a4c96c900a91542e).
Old Keys
Defines keys that were previously used as the Current Key. Keeping them here allows cache data that was encrypted while they were current to still be decrypted.
Disable Hashing Keys
When enabled, the cache key is not hashed. This can be useful for debugging.
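The Current Key / Old Keys behaviour described under Encryption, sketched as an added example; this is not Orchestrator code. It assumes AES-256-GCM with the nonce prepended to each entry (the page does not name the cipher), and ParseKeys, Seal and Open are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// ParseKeys checks each key against the documented format (32 bytes, hex encoded)
// and returns one AEAD per key, Current Key first. AES-256-GCM is an assumption.
func ParseKeys(current string, old ...string) ([]cipher.AEAD, error) {
	var ring []cipher.AEAD
	for i, h := range append([]string{current}, old...) {
		raw, err := hex.DecodeString(h)
		if err != nil || len(raw) != 32 {
			return nil, fmt.Errorf("key %d: not 32 bytes of hex (%d characters given)", i, len(h))
		}
		block, _ := aes.NewCipher(raw)  // cannot fail: raw is exactly 32 bytes
		aead, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
		ring = append(ring, aead)
	}
	return ring, nil
}

// Seal encrypts with ring[0] (the Current Key) and prepends a random nonce.
func Seal(ring []cipher.AEAD, plain []byte) ([]byte, error) {
	nonce := make([]byte, ring[0].NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return ring[0].Seal(nonce, nonce, plain, nil), nil
}

// Open tries the Current Key first, then each Old Key, and fails closed.
func Open(ring []cipher.AEAD, blob []byte) ([]byte, error) {
	for _, aead := range ring {
		if n := aead.NonceSize(); len(blob) >= n {
			if plain, err := aead.Open(nil, blob[:n], blob[n:], nil); err == nil {
				return plain, nil
			}
		}
	}
	return nil, fmt.Errorf("no configured key decrypts this entry")
}

func main() {
	fmt.Println(ParseKeys("abc123")) // constructed bad key: rejected, not 32 bytes
}
```

After a rotation, the previous key has to stay in Old Keys until every entry written under it has expired; removing it earlier leaves those entries undecryptable.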