Document TLS enabled if inMemoryDb.password is returned

RedHatInsights · Jan 16, 2025 · 16a6161 · 16a6161
1 parent 7bfc7f9
commit 16a6161
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/controllers/cloud.redhat.com/providers/inmemorydb/elasticache.go b/controllers/cloud.redhat.com/providers/inmemorydb/elasticache.go
@@ -53,6 +53,8 @@ func (e *elasticache) Provide(app *crd.ClowdApp) error {
 				)
 			}
 
+			// ElastiCache and Terraform resources, via qontract-reconcile, guarantee that `db.auth_token` is provided
+			// only if in-transit encryption is enabled.
 			passwd := string(secret.Data["db.auth_token"])
 			if passwd != "" {
 				creds.Password = &passwd

diff --git a/docs/providers/inmemorydb.md b/docs/providers/inmemorydb.md
@@ -39,7 +39,7 @@ ClowdEnv Config options available:
 In elasticache mode, the *In-Memory DB Provider* will search for a secret named
 `in-memory-db` inside the same namespace as the `ClowdApp` that requested it.
 The hostname and port will then be passed to the `cdappconfig.json` for use by
-the app.
+the app. If a password is provided, it is known that in-transit encryption is enabled, as per [ElastiCache requirements](https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/auth.html#auth-using).
 
 ## Generated App Configuration