*: remove Redis leftovers

.github/actions/setup/docker-compose.yml

@@ -11,11 +11,6 @@ services:
     ports:
       - 5432:5432
     restart: always
-  redis:
-    image: docker.io/library/redis:7
-    ports:
-      - 6379:6379
-    restart: always
 
 volumes:
   db-data:

.github/workflows/release-publish.yml

@@ -209,7 +209,7 @@ jobs:
           echo "AUTHENTIK_SECRET_KEY=$(openssl rand 32 | base64 -w 0)" >> .env
           docker compose pull -q
           docker compose up --no-start
-          docker compose start postgresql redis
+          docker compose start postgresql
           docker compose run -u root server test-all
   sentry-release:
     needs:

.gitignore

@@ -72,7 +72,7 @@ unittest.xml
 
 # Translations
 # Have to include binary mo files as they are annoying to compile at build time
-# since a full postgres and redis instance are required
+# since a full postgres instance is required
 # *.mo
 
 # Django stuff:

Makefile

@@ -16,7 +16,6 @@ GEN_API_GO = gen-go-api
 pg_user := $(shell uv run python -m authentik.lib.config postgresql.user 2>/dev/null)
 pg_host := $(shell uv run python -m authentik.lib.config postgresql.host 2>/dev/null)
 pg_name := $(shell uv run python -m authentik.lib.config postgresql.name 2>/dev/null)
-redis_db := $(shell uv run python -m authentik.lib.config redis.db 2>/dev/null)
 
 UNAME := $(shell uname)
 
@@ -107,7 +106,6 @@ dev-drop-db:
 	dropdb -U ${pg_user} -h ${pg_host} ${pg_name} || true
 	# Also remove the test-db if it exists
 	dropdb -U ${pg_user} -h ${pg_host} test_${pg_name} || true
-	redis-cli -n ${redis_db} flushall
 
 dev-create-db:
 	createdb -U ${pg_user} -h ${pg_host} ${pg_name}

authentik/api/v3/config.py

@@ -56,7 +56,6 @@ class ConfigSerializer(PassiveSerializer):
     cache_timeout = IntegerField(required=True)
     cache_timeout_flows = IntegerField(required=True)
     cache_timeout_policies = IntegerField(required=True)
-    cache_timeout_reputation = IntegerField(required=True)
 
 
 class ConfigView(APIView):
@@ -103,7 +102,6 @@ def get_config(self) -> ConfigSerializer:
                 "cache_timeout": CONFIG.get_int("cache.timeout"),
                 "cache_timeout_flows": CONFIG.get_int("cache.timeout_flows"),
                 "cache_timeout_policies": CONFIG.get_int("cache.timeout_policies"),
-                "cache_timeout_reputation": CONFIG.get_int("cache.timeout_reputation"),
             }
         )
 

authentik/lib/config.py

@@ -15,7 +15,7 @@
 from sys import argv, stderr
 from time import time
 from typing import Any
-from urllib.parse import quote_plus, urlparse
+from urllib.parse import urlparse
 
 import yaml
 from django.conf import ImproperlyConfigured
@@ -28,24 +28,10 @@
 ENV_PREFIX = "AUTHENTIK"
 ENVIRONMENT = os.getenv(f"{ENV_PREFIX}_ENV", "local")
 
-REDIS_ENV_KEYS = [
-    f"{ENV_PREFIX}_REDIS__HOST",
-    f"{ENV_PREFIX}_REDIS__PORT",
-    f"{ENV_PREFIX}_REDIS__DB",
-    f"{ENV_PREFIX}_REDIS__USERNAME",
-    f"{ENV_PREFIX}_REDIS__PASSWORD",
-    f"{ENV_PREFIX}_REDIS__TLS",
-    f"{ENV_PREFIX}_REDIS__TLS_REQS",
-]
-
 # Old key -> new key
 DEPRECATIONS = {
     "geoip": "events.context_processors.geoip",
     "worker.concurrency": "worker.threads",
-    "redis.cache_timeout": "cache.timeout",
-    "redis.cache_timeout_flows": "cache.timeout_flows",
-    "redis.cache_timeout_policies": "cache.timeout_policies",
-    "redis.cache_timeout_reputation": "cache.timeout_reputation",
 }
 
 
@@ -332,26 +318,6 @@ def set(self, path: str, value: Any, sep="."):
 CONFIG = ConfigLoader()
 
 
-def redis_url(db: int) -> str:
-    """Helper to create a Redis URL for a specific database"""
-    _redis_protocol_prefix = "redis://"
-    _redis_tls_requirements = ""
-    if CONFIG.get_bool("redis.tls", False):
-        _redis_protocol_prefix = "rediss://"
-        _redis_tls_requirements = f"?ssl_cert_reqs={CONFIG.get('redis.tls_reqs')}"
-        if _redis_ca := CONFIG.get("redis.tls_ca_cert", None):
-            _redis_tls_requirements += f"&ssl_ca_certs={_redis_ca}"
-    _redis_url = (
-        f"{_redis_protocol_prefix}"
-        f"{quote_plus(CONFIG.get('redis.username'))}:"
-        f"{quote_plus(CONFIG.get('redis.password'))}@"
-        f"{quote_plus(CONFIG.get('redis.host'))}:"
-        f"{CONFIG.get_int('redis.port')}"
-        f"/{db}{_redis_tls_requirements}"
-    )
-    return _redis_url
-
-
 def django_db_config(config: ConfigLoader | None = None) -> dict:
     if not config:
         config = CONFIG

authentik/lib/default.yml

@@ -47,16 +47,6 @@ listen:
     - fe80::/10
     - ::1/128
 
-redis:
-  host: localhost
-  port: 6379
-  db: 0
-  username: ""
-  password: ""
-  tls: false
-  tls_reqs: "none"
-  tls_ca_cert: null
-
 http_timeout: 30
 
 cache:

authentik/lib/logging.py

@@ -104,7 +104,6 @@ def get_logger_config():
         "daphne": "WARNING",
         "kubernetes": "INFO",
         "asyncio": "WARNING",
-        "redis": "WARNING",
         "fsevents": "WARNING",
         "uvicorn": "WARNING",
         "gunicorn": "INFO",

authentik/lib/tests/test_config.py

@@ -24,10 +24,6 @@ class TestConfig(TestCase):
 
     check_deprecations_env_vars = {
         ENV_PREFIX + "_WORKER__CONCURRENCY": "2",
-        ENV_PREFIX + "_REDIS__CACHE_TIMEOUT": "124s",
-        ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_FLOWS": "32m",
-        ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_POLICIES": "3920ns",
-        ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_REPUTATION": "298382us",
     }
 
     @mock.patch.dict(environ, {ENV_PREFIX + "_test__test": "bar"})
@@ -143,7 +139,7 @@ def test_get_dict_from_b64_json_invalid(self):
 
     def test_attr_json_encoder(self):
         """Test AttrEncoder"""
-        test_attr = Attr("foo", Attr.Source.ENV, "AUTHENTIK_REDIS__USERNAME")
+        test_attr = Attr("foo", Attr.Source.ENV, "AUTHENTIK_POSTGRESQL__USERNAME")
         json_attr = dumps(test_attr, indent=4, cls=AttrEncoder)
         self.assertEqual(json_attr, '"foo"')
 
@@ -176,15 +172,7 @@ def test_check_deprecations(self):
         config.update_from_env()
         config.check_deprecations()
         self.assertEqual(config.get("worker.concurrency", UNSET), UNSET)
-        self.assertEqual(config.get("redis.cache_timeout", UNSET), UNSET)
-        self.assertEqual(config.get("redis.cache_timeout_flows", UNSET), UNSET)
-        self.assertEqual(config.get("redis.cache_timeout_policies", UNSET), UNSET)
-        self.assertEqual(config.get("redis.cache_timeout_reputation", UNSET), UNSET)
         self.assertEqual(config.get("worker.threads"), 2)
-        self.assertEqual(config.get("cache.timeout"), "124s")
-        self.assertEqual(config.get("cache.timeout_flows"), "32m")
-        self.assertEqual(config.get("cache.timeout_policies"), "3920ns")
-        self.assertEqual(config.get("cache.timeout_reputation"), "298382us")
 
     def test_get_keys(self):
         """Test get_keys"""

authentik/sources/kerberos/models.py

@@ -188,7 +188,7 @@ def ui_user_settings(self) -> UserSettingSerializer | None:
 
     @property
     def sync_lock(self) -> pglock.advisory:
-        """Redis lock for syncing Kerberos to prevent multiple parallel syncs happening"""
+        """Lock for syncing Kerberos to prevent multiple parallel syncs happening"""
         return pglock.advisory(
             lock_id=f"goauthentik.io/{connection.schema_name}/sources/kerberos/sync/{self.slug}",
             timeout=0,

docker-compose.yml

@@ -18,35 +18,18 @@ services:
     restart: unless-stopped
     volumes:
     - database:/var/lib/postgresql/data
-  redis:
-    command: --save 60 1 --loglevel warning
-    healthcheck:
-      interval: 30s
-      retries: 5
-      start_period: 20s
-      test:
-      - CMD-SHELL
-      - redis-cli ping | grep PONG
-      timeout: 3s
-    image: docker.io/library/redis:alpine
-    restart: unless-stopped
-    volumes:
-    - redis:/data
   server:
     command: server
     depends_on:
       postgresql:
         condition: service_healthy
-      redis:
-        condition: service_healthy
     env_file:
     - .env
     environment:
       AUTHENTIK_POSTGRESQL__HOST: postgresql
       AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
       AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
       AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
-      AUTHENTIK_REDIS__HOST: redis
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
     ports:
@@ -61,16 +44,13 @@ services:
     depends_on:
       postgresql:
         condition: service_healthy
-      redis:
-        condition: service_healthy
     env_file:
     - .env
     environment:
       AUTHENTIK_POSTGRESQL__HOST: postgresql
       AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
       AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
       AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
-      AUTHENTIK_REDIS__HOST: redis
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
     restart: unless-stopped
@@ -83,5 +63,3 @@ services:
 volumes:
   database:
     driver: local
-  redis:
-    driver: local

internal/outpost/ak/test.go

@@ -24,7 +24,6 @@ func MockConfig() api.Config {
 		100,
 		100,
 		100,
-		100,
 	)
 }
 

lifecycle/aws/app.py

@@ -20,9 +20,6 @@
 from aws_cdk import (
     aws_efs as efs,
 )
-from aws_cdk import (
-    aws_elasticache as elasticache,
-)
 from aws_cdk import (
     aws_elasticloadbalancingv2 as elbv2,
 )
@@ -62,21 +59,6 @@ def __init__(self, scope: Construct, id: str, **kwargs):
             description="RDS PostgreSQL storage size in GB",
         )
 
-        redis_instance_type = CfnParameter(
-            self,
-            "RedisInstanceType",
-            type="String",
-            default="cache.t4g.medium",
-            description="ElastiCache Redis instance type (with the leading cache.)",
-        )
-        redis_version = CfnParameter(
-            self,
-            "RedisVersion",
-            type="String",
-            default="7.1",
-            description="ElastiCache Redis version",
-        )
-
         authentik_image = CfnParameter(
             self,
             "AuthentikImage",
@@ -156,9 +138,6 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         db_security_group = ec2.SecurityGroup(
             self, "DatabaseSG", vpc=vpc, description="Security Group for authentik RDS PostgreSQL"
         )
-        redis_security_group = ec2.SecurityGroup(
-            self, "RedisSG", vpc=vpc, description="Security Group for authentik ElastiCache Redis"
-        )
         authentik_security_group = ec2.SecurityGroup(
             self, "AuthentikSG", vpc=vpc, description="Security Group for authentik services"
         )
@@ -167,11 +146,6 @@ def __init__(self, scope: Construct, id: str, **kwargs):
             connection=ec2.Port.tcp(5432),
             description="Allow authentik to connect to RDS PostgreSQL",
         )
-        redis_security_group.add_ingress_rule(
-            peer=authentik_security_group,
-            connection=ec2.Port.tcp(6379),
-            description="Allow authentik to connect to ElastiCache Redis",
-        )
 
         # Generated secrets
 
@@ -212,30 +186,6 @@ def __init__(self, scope: Construct, id: str, **kwargs):
             removal_policy=RemovalPolicy.SNAPSHOT,
         )
 
-        # Redis
-
-        redis_subnet_group = elasticache.CfnSubnetGroup(
-            self,
-            "AuthentikRedisSubnetGroup",
-            subnet_ids=vpc.select_subnets(
-                subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
-            ).subnet_ids,
-            description="Subnet group for authentik ElastiCache Redis",
-        )
-
-        redis = elasticache.CfnReplicationGroup(
-            self,
-            "AuthentikRedis",
-            replication_group_description="Redis cluster for authentik",
-            engine="redis",
-            engine_version=redis_version.value_as_string,
-            cache_node_type=redis_instance_type.value_as_string,
-            num_cache_clusters=2,
-            automatic_failover_enabled=True,
-            security_group_ids=[redis_security_group.security_group_id],
-            cache_subnet_group_name=redis_subnet_group.ref,
-        )
-
         # Storage
 
         media_fs = efs.FileSystem(
@@ -270,7 +220,6 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         environment = {
             "AUTHENTIK_POSTGRESQL__HOST": database.instance_endpoint.hostname,
             "AUTHENTIK_POSTGRESQL__USER": "authentik",
-            "AUTHENTIK_REDIS__HOST": redis.attr_primary_end_point_address,
         }
 
         secrets = {