Docs Cloud Redpanda Connect Components Catalog Caches redpanda redpanda Type: Cache ▼ CacheInputOutput Available in: Cloud, Self-Managed A Kafka cache implemented using the Franz Kafka client library. Common Advanced cache: label: "" redpanda: seed_brokers: [] # No default (required) topic: "" # No default (required) cache: label: "" redpanda: seed_brokers: [] # No default (required) client_id: benthos tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: cert: "" key: "" cert_file: "" key_file: "" password: "" sasl: mechanism: "" # No default (required) username: "" password: "" token: "" extensions: "" # No default (optional) aws: region: "" # No default (optional) endpoint: "" # No default (optional) credentials: profile: "" # No default (optional) id: "" # No default (optional) secret: "" # No default (optional) token: "" # No default (optional) from_ec2_role: "" # No default (optional) role: "" # No default (optional) role_external_id: "" # No default (optional) metadata_max_age: 5m request_timeout_overhead: 10s conn_idle_timeout: 20s topic: "" # No default (required) A cache that stores data in a Kafka topic. This cache is useful for data that is written frequently and queried infrequently. Reads from the cache require scanning the entire topic partition. If you expect frequent access, consider placing an in-memory caching layer in front of this one. Because only the latest values are needed, configure compaction for topics used as caches so that reads are less expensive when topics are rescanned. See Compaction Settings. The cache does not have any TTL mechanisms. Use the Kafka topic retention policies to manage TTL. Fields allow_auto_topic_creation Enables topics to be auto created if they do not exist when fetching their metadata. Type: bool Default: true client_id An identifier for the client connection. Type: string Default: benthos conn_idle_timeout The amount of time that connections can remain idle before they are closed. Type: string Default: 20s metadata_max_age The maximum age of metadata before it is refreshed. Type: string Default: 5m request_timeout_overhead Additional time to apply as overhead when calculating request deadlines. This buffer helps prevent premature timeouts, especially for requests that already define their own timeout values. Type: string Default: 10s sasl[] Specify one or more SASL authentication methods. Each method is tried in the order specified. If the broker supports the first mechanism, outgoing client connections use that mechanism. If the first mechanism fails, the client will use the first supported mechanism. If the broker does not support any client mechanisms, connections will fail. Type: object # Examples: sasl: - mechanism: SCRAM-SHA-512 password: bar username: foo sasl[].aws Contains AWS-specific fields for when sasl.mechanism is set to AWS_MSK_IAM. Type: object sasl[].aws.credentials Optional manual configuration of AWS credentials to use. For more information, see the credentials for AWS guide. Type: object sasl[].aws.credentials.from_ec2_role The credentials of a host EC2 machine configured to assume an IAM role associated with the instance. Type: bool sasl[].aws.credentials.id The ID of credentials to use. Type: string sasl[].aws.credentials.profile A profile from ~/.aws/credentials to use. Type: string sasl[].aws.credentials.role The ARN of the role to assume. Type: string sasl[].aws.credentials.role_external_id An external ID to provide when assuming the specified role. Type: string sasl[].aws.credentials.secret The secret for the credentials being used. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. Type: string sasl[].aws.credentials.token The token for the credentials being used. Required only when using short-term credentials. Type: string sasl[].aws.endpoint A custom endpoint URL for AWS API requests. Use this to connect to AWS-compatible services or local testing environments instead of the standard AWS endpoints. Type: string sasl[].aws.region The AWS region to target. Type: string sasl[].extensions Key/value pairs to add to OAUTHBEARER authentication requests. Type: string sasl[].mechanism The SASL mechanism to use for authentication. Type: string Option Summary AWS_MSK_IAM AWS IAM-based authentication as specified by the aws-msk-iam-auth Java library. OAUTHBEARER OAuth Bearer authentication. PLAIN PLAIN mechanism for plaintext password authentication. SCRAM-SHA-256 SCRAM authentication as specified in RFC5802. SCRAM-SHA-512 SCRAM authentication as specified in RFC5802. none Disable SASL authentication. sasl[].password The password to use for PLAIN or SCRAM-* authentication. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. Type: string Default: "" sasl[].token The token to use for a single session’s OAUTHBEARER authentication. Type: string Default: "" sasl[].username The username to use for PLAIN or SCRAM-* authentication. Type: string Default: "" seed_brokers[] A list of broker addresses to connect to. Items containing commas are expanded into multiple addresses. Type: array # Examples: seed_brokers: - "localhost:9092" - "foo:9092" - "bar:9092" - "foo:9092,bar:9092" tls Configure Transport Layer Security (TLS) settings to secure network connections. This includes options for standard TLS as well as mutual TLS (mTLS) authentication where both client and server authenticate each other using certificates. Key configuration options include enabled to enable TLS, client_certs for mTLS authentication, root_cas/root_cas_file for custom certificate authorities, and skip_cert_verify for development environments. Type: object tls.client_certs[] A list of client certificates for mutual TLS (mTLS) authentication. Configure this field to enable mTLS, authenticating the client to the server with these certificates. You must set tls.enabled: true for the client certificates to take effect. Certificate pairing rules: For each certificate item, provide either: Inline PEM data using both cert and key or File paths using both cert_file and key_file. Mixing inline and file-based values within the same item is not supported. Type: object Default: [] # Examples: client_certs: - cert: foo key: bar - cert_file: ./example.pem key_file: ./example.key tls.client_certs[].cert The plaintext certificate to use for TLS authentication. Must be paired with the corresponding private key in the key field when using inline PEM data for mTLS client certificates. Type: string Default: "" tls.client_certs[].cert_file The path to a file containing the certificate to use for TLS authentication. Must be paired with the corresponding private key file in the key_file field when using file-based configuration for mTLS client certificates. Type: string Default: "" tls.client_certs[].key Private key for mTLS client certificate as inline PEM data. Must correspond to the client certificate specified in the cert field. Use this field together with cert when providing certificate data inline rather than through files. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. Type: string Default: "" tls.client_certs[].key_file Path to private key file for mTLS client certificate in PEM format. Must correspond to the client certificate specified in the cert_file field. Use this field together with cert_file when loading certificate data from files. Type: string Default: "" tls.client_certs[].password The password to use for the private key (specified in the key or key_file fields), if it is password-protected. The PKCS#1 and PKCS#8 formats are supported. Supports environment variable interpolation for secure password management. The pbeWithMD5AndDES-CBC algorithm is obsolete and not supported for the PKCS#8 format. This algorithm does not authenticate the ciphertext, making it vulnerable to padding oracle attacks that can let an attacker recover the plaintext. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. Type: string Default: "" # Examples: password: foo password: ${KEY_PASSWORD} tls.enable_renegotiation Whether to allow the remote server to request renegotiation. Enable this option if you’re seeing the error message local error: tls: no renegotiation. Type: bool Default: false tls.enabled Whether custom TLS settings are enabled. Type: bool Default: false tls.root_cas An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. Type: string Default: "" # Examples: root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- tls.root_cas_file Specify the path to a root certificate authority file (optional). This is a file, often with a .pem extension, which contains a certificate chain from the parent-trusted root certificate, through possible intermediate signing certificates, to the host certificate. Use either this field for file-based certificate loading or root_cas for inline certificate data. Type: string Default: "" # Examples: root_cas_file: ./root_cas.pem tls.skip_cert_verify Whether to skip server-side certificate verification. Set to true only for testing environments as this reduces security by disabling certificate validation. When using self-signed certificates or in development, this may be necessary, but should never be used in production. Consider using root_cas or root_cas_file to specify trusted certificates instead of disabling verification entirely. Type: bool Default: false topic The topic to store data in. Type: string Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution 🎉 Thanks for your feedback! redis ristretto