Accessing in-transit encryption enabled Elasticache with Spring Redis, throws an error for the stringRedisTemplate.keys method

AkiT
September 25, 2024
116 views
0 votes
2 Answers

We have an in-transit encryption enabled AWS Elasticache instance. We’re trying to access the instance from our Spring boot microservice with Spring data redis SSL enabled.

LettuceClientConfiguration clientConfig = LettuceClientConfiguration.builder()
                .useSsl().and()
                .shutdownTimeout(Duration.ZERO)
                .build();
return new LettuceConnectionFactory(new RedisStandaloneConfiguration(redisHost, redisPort), clientConfig);

But enabling SSL gives an error, for the method StringRedisTemplate.keys()

io.lettuce.core.RedisCommandExecutionException: ERR unknown command 'keys', with args beginning with: IndexKey:abc_prefix*

Can this be due to some restriction with the method StringRedisTemplate.keys(), with enabling SSL. This method works fine when SSL is diabled.

Answers

Chosen as BEST ANSWER
- AkiT
- August 22, 2024 at 2:58 pm
- 0 votes
0
Spring boot RedisTemplate, keys method has the annotation @SuppressWarnings("unchecked")
```
@SuppressWarnings("unchecked")
public Set<K> keys(K pattern) {}
```
When I replace the keys method with Scan, the issue got resolved.

I think the issue was the security risks with using the keys method.

(Edit)

- avifen
- September 25, 2024 at 5:40 am
- 0 votes
0
For the next searcher that will land here, just an anecdote – the problem with keys is that its heavy on CPU, will block all action till finish and might fail your server and/or your client.
The command traverse all keys in the server, and redis being single threaded cannot perform any other task, and when finish, depend on data size, send a huge response back.
It is not recommended to use it at all, and it is deprecated.
This is the reason SCAN exist.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.