Skip to main content

Installing and Configuring Redis Datastore for Storing Session Data, Security Tokens, and More

Learn about Redis datastore configuration for deployment of SecureAuth platform.

Redis Datastore Overview

Redis (which stands for Remote Dictionary Server) is an open-source, in-memory key-value data store. It is often used as a cache or a message broker, but its versatility makes it suitable for a wide variety of use cases.

One of the main advantages of Redis is its performance. Because it stores all of its data in memory, it can perform operations very quickly, making it well suited for real-time applications or applications that require low-latency data access. Additionally, Redis supports a variety of data structures, including strings, hashes, lists, sets, and sorted sets, which makes it easy to work with different types of data.

Redis also has built-in support for data replication and persistence, which means that it can automatically replicate data to one or more slave servers, providing a level of fault tolerance. Additionally, Redis supports a feature called persistence that allows data to be saved to disk, so that it can be reloaded in the event of a failure.

Another important feature is Redis Cluster which allows for sharing of the data across multiple Redis instances to improve performance and scalability. Redis Cluster allows you to automatically shard data across multiple Redis instances. This means that your data is automatically split up into small chunks and distributed across multiple servers, so that each server only stores a portion of the data. This allows you to scale your Redis deployment horizontally, by simply adding more servers as needed, rather than vertically, by adding more memory or CPU to a single server.

Why Redis

The SecureAuth platform uses Redis to store a variety of data types that are well-suited for key-value storage. This includes security tokens such as access tokens, which grant users access to protected resources, and identity tokens, which provide information about the user's identity.

Refresh Tokens

By default, SecureAuth stores refresh tokens inside the SQL database (CockroachDB). It is controlled by setting the enabled option to true in the storage.refresh_tokens section of your SecureAuth deployment configuration.

If you wish, you may disable this setting to store refresh token in the Redis datastore. Remember that if you don't have data replication and persistance properly set up, you may loose the tokens in cases when your Redis deployment goes down.

Redis is also used to store session information, which is crucial for maintaining user state across multiple requests. This can include various session types such as user sessions, admin sessions and temporary sessions. In addition, Redis is used to store authorization codes, which are short-lived and single-use codes that are used in the authorization grant flow of OAuth 2.0 protocol.

Redis is an ideal choice for storing this type of data due to its high performance, scalability, and ability to handle large amounts of data with low latency. It's also very simple to use and provides a wide range of data structures such as lists, sets, and sorted sets, which makes it easy to store and retrieve the data efficiently.

Redis Installation

Warning

For the SecureAuth platform to work, Redis installation and configuration is required.

At SecureAuth, to install and configure Redis, we use Helm - a popular package manager for Kubernetes that allows users to easily install and configure complex software such as Redis on a Kubernetes cluster. By using Helm to install Redis, users can take advantage of several benefits that make the process of deploying and managing Redis much simpler and more efficient.

Firstly, Helm provides a convenient way to define and manage the configuration of Redis, including the number of nodes, storage settings, and networking settings, in a single, easy-to-read file called a chart. This makes it easy to understand and modify the configuration of Redis as needed.

Additionally, Helm provides the ability to manage and upgrade the Redis deployment in a controlled and repeatable way, this means that any updates or upgrades to the Redis software can be easily rolled out to the cluster in a predictable manner, avoiding any possible disruption to the service.

When you install the SecureAuth plafrom on Kubernetes using Helm Charts, you can see that the Redis dependency is included in our kube-acp-stack Helm Chart.

Warning

SecureAuth does not provide any support for the below solutions that do not include self-hosting of Redis Datastore and does not guarantee full compatibility with them.

Alternatively, if you do not want to host your own instance running Redis, you can consider using one of following solutions:

Redis Cluster Version Recommendation

  • Datastore: 6.2.14

  • Helm chart: 7.6.4

Supported Redis Versions

  • 6.2.x

    Note

    Redis 7.x is not currently supported.

Configure Redis Dependency

If you wish to configure the connection between the SecureAuth platform and Redis, and configure the datastore installation itself, configure the values.yaml file for your SecureAuth deployment and apply the changes. To learn more, see Configure Helm Charts.

Configure Connection Between SecureAuth Platform and Redis Datastore

If you need to configure the connection between the SecureAuth platform and Redis:

  1. Refer to the redis (redis client) section of the SecureAuth Platform Configuration Reference to learn about available configuration options.

  2. Change the configuration for the connection in the redis-cluster section of the SecureAuth Platform values.yaml file for your deployment.

  3. Apply the changes to your deployment.

Redis Configuration Example

SecureAuth delivers a production-grade example derived from our own operational experiences. This example is readily accessible within the acp-on-k8s repository. This configuration leverages the Redis Cluster Helm chart for deployment, encompassing Redis Search and custom configuration scripts designed to ensure high availability.

We recommend utilizing this example as a foundational reference for your Redis deployment. Get started with our quickstart guide.

Troubleshooting Issues With Redis

If your SecureAuth plaform Redis address setup is not set correctly, the SecureAuth platform won't start and you will see the log message similar to:

{"error":"failed to create redis client: failed to get redis info: dial tcp 1.0.0.0:1: connect: connection refused","level":"fatal","msg":"failed to create storage"}         

If your connection between SecureAuth and Redis is misconfigured with, for example, an incorrect password, you will see a log message similar to the following:

{"error":"failed to create redis client: failed to get redis info: ERR no responses received","level":"fatal","msg":"failed to create storage"}         

When the SecureAuth platform is able to connect to Redis, but rest of the configuration is incorrect, you will see the log message similar to the following:

{"error":"failed to create redis client: failed to get redis info: ERR unknown command `FT.INFO`, with args beginning with: `default-index`, ","level":"fatal","msg":"failed to create storage"}         

Redis failure forcing you to trigger the recreation of the Redis cluster has the following impact:

  • All active Access Tokens are lost. Refresh Tokens are stored in a persistent database, so there is no impact on them.

  • Any operations in progress that utilize caching mechanisms (mostly the Identity Pools operations like user creation, user update, etc.) have to be repeated as there is a risk that the transaction wasn't persisted in the database.

  • Any audit events that still need to be persisted in the Timescale DB might be lost.