Guidance on calling ACL SAVE after Redis password rotation

[zboralski]

Hi there! I'm a user of the vault-plugin-database-redis plugin and I'm wondering what the best practice is to ensure that the Redis ACL is updated after a password rotation. I've read that calling ACL SAVE is necessary to persist the changes to disk, but I'm not sure how to incorporate that into my workflow.

Could you please provide some guidance on how to properly call ACL SAVE after the plugin rotates the Redis password? Are there any examples or best practices that you could share with me?

Thank you for your help!

[zboralski]

I guess it is probably more secure to just reconfigure database/config/redis and force database/rotate-root/redis when redis restarts?

Really not sure what's the best way to do this

[fhitchen]

Hi Zboralski,
Sorry I am a bit late on answering your question. The cluster-support branch implements saving the ACL updates, either to and ACL file with ACL SAVE or to the config file with CONFIG REWRITE, you get to choose.
I am merging this branch into main so it should be easy for you to add the `persistence_mode' flag to the plugin initialization phase.
regards, Francis.