Redis 6 finally brings full ACL support by accepting a username in addition to the already existing password.
It would make sense to support the authentication method with two configuration properties:
spring.redis.username(bound toRedisStandaloneConfigurationandRedisClusterConfiguration)spring.redis.sentinel.username(bound toRedisSentinelConfiguration)
The username can be supported in every place where password is used. This feature should be backward-compatible so authentication without a username is supported, too (e.g. for older Redis server versions). In that case, Redis…Configuration.setUserName(…) isn't called.
URL-based configuration should be adopted accordingly and we should ideally log a warning that the form redis://foobar@host is deprecated as foobar is considered to be the password. From a proper URL syntax perspective, the userinfo part should consist of a username and password delimited by a colon. So a URI with an empty username should be rendered as redis://:foobar@host to avoid ambiguity.
The setting is supported by both Redis clients (Lettuce and Jedis).
Spring Data Redis needs to implement DATAREDIS-1046 first before this ticket can be addressed.
Comment From: snicoll
DATAREDIS-1046 is resolved so I've unblocked this one.
Comment From: mourezwell
in spring boot 2.6.3, the spring.sentinel.username is not autoconfigure, redis-data has opened the door to get it fixed bys solving https://github.com/spring-projects/spring-data-redis/issues/2218 is there an port in spring boot auto-configure, in deed org.springframework.boot.autoconfigure.data.redis.RedisProperties does not support sentinel username yet, neither does org.springframework.boot.autoconfigure.data.redis.RedisConnectionConfiguration.
Comment From: snicoll
@mourezwell please don't add the same comment in two different issue trackers. This creates unnecessary noise and may lead to wasted efforts as two teams are trying to help you for the same problem.
Comment From: mourezwell
@snicoll sorry for the noise i didn't know which team is responsible for it.