Entity caching

The Grafbase Gateway offers caching on requests to subgraphs, known as entity caching.

You can enable caching globally via the entity_caching config section:

[entity_caching]
enabled = true
ttl = "60s"

You can also configure different settings per subgraph:

[subgraphs.products.entity_caching]
ttl = "60s"

Cached data is scoped to avoid any data leaks between users. Currently, all the headers sent to the subgraph are used to compute the scope.

Using Redis for entity caching

By default entity caching uses an in memory cache to store its data. To run multiple gateways and share the cache with all of them, configure the gateway to use Redis as the caching backend.

[entity_caching]
storage = "redis"

[entity_caching.redis]
url = "redis://localhost:6379"
key_prefix = "my_gateway"
  • storage: The cache storage to use. Either memory, the default, or redis.
  • url: The Redis endpoint URL. Use redis:// for plain text protocol, or rediss:// if connecting with TLS (default: redis://localhost:6379).
  • key_prefix: A string the cache uses to prefix keys in Redis (default: grafbase-cache).

To connect using TLS, the Redis URL must start with rediss://. If the server CA certificate is not in the system certificates or if you want to use mTLS, define paths to these files in the TLS configuration.

[entity_caching.redis.tls]
cert = "/path/to/user.crt"
key = "/path/to/user.key"
ca = "/path/to/ca.crt"
  • cert: The path to the mTLS user certificate file.
  • key: The path to the mTLS user private key file. Must be defined together with the cert.
  • ca: The path to the server CA certificate file.

All files must be in PEM format. The cert and key are not needed if the server is not set up to use mTLS. The ca is not needed if the certificate is added to the system certificate storage. The certificates must be of version 3 and the server must use TLS version 1.3; everything else will be rejected by the TLS library.

Using TLS with Redis increases response times, and the Redis server will be called at least once for every request. Consider placing the Redis server as close as possible to the gateway instances and not using TLS for the counters.

Was this page helpful?