We have an in-transit encryption enabled AWS Elasticache instance. We’re trying to access the instance from our Spring boot microservice with Spring data redis SSL enabled.
LettuceClientConfiguration clientConfig = LettuceClientConfiguration.builder()
.useSsl().and()
.shutdownTimeout(Duration.ZERO)
.build();
return new LettuceConnectionFactory(new RedisStandaloneConfiguration(redisHost, redisPort), clientConfig);
But enabling SSL gives an error, for the method StringRedisTemplate.keys()
io.lettuce.core.RedisCommandExecutionException: ERR unknown command 'keys', with args beginning with: IndexKey:abc_prefix*
Can this be due to some restriction with the method StringRedisTemplate.keys(), with enabling SSL. This method works fine when SSL is diabled.
2
Answers
Spring boot RedisTemplate, keys method has the annotation @SuppressWarnings("unchecked")
When I replace the keys method with Scan, the issue got resolved.
I think the issue was the security risks with using the keys method.
For the next searcher that will land here, just an anecdote – the problem with
keys
is that its heavy on CPU, will block all action till finish and might fail your server and/or your client.The command traverse all keys in the server, and redis being single threaded cannot perform any other task, and when finish, depend on data size, send a huge response back.
It is not recommended to use it at all, and it is deprecated.
This is the reason
SCAN
exist.