Summary
When self-hosting Flagsmith with a shared Redis instance that uses ACL-based multi-tenancy, all cache keys are written with an empty KEY_PREFIX (Django default), producing keys like :1:environment_document_xxx. This makes it impossible to restrict Flagsmith's Redis user to a namespace prefix (e.g., ~flagsmith:*) via Redis ACL rules.
Current behavior
Flagsmith's CACHES configuration in api/app/settings/common.py does not include a KEY_PREFIX for any of the Redis-backed cache entries (environment_cache, environment_document_cache, etc.). Django's BaseCache.make_key produces keys in the format {KEY_PREFIX}:{VERSION}:{key} — with an empty prefix, all keys start with :1:.
Desired behavior
A new environment variable (e.g., CACHE_KEY_PREFIX) that sets KEY_PREFIX on all Redis-backed cache entries in the CACHES dict. Example:
CACHE_KEY_PREFIX = env.str("CACHE_KEY_PREFIX", default="")
for cache_name, cache_config in CACHES.items():
if "redis" in cache_config.get("BACKEND", "").lower():
cache_config["KEY_PREFIX"] = CACHE_KEY_PREFIXWith CACHE_KEY_PREFIX=flagsmith, keys become flagsmith:1:environment_document_xxx, which can be matched by Redis ACL ~flagsmith:*.
Use case
Our infrastructure runs a single Redis instance with per-service ACL users. Each service gets a dedicated user restricted to its own key namespace (~<service>:*). This is a common pattern for shared Redis deployments where full isolation (separate Redis instances) is impractical.
Without a configurable prefix, the Flagsmith Redis user must be granted ~* (all keys), breaking the isolation model.
Additional context
Summary
When self-hosting Flagsmith with a shared Redis instance that uses ACL-based multi-tenancy, all cache keys are written with an empty
KEY_PREFIX(Django default), producing keys like:1:environment_document_xxx. This makes it impossible to restrict Flagsmith's Redis user to a namespace prefix (e.g.,~flagsmith:*) via Redis ACL rules.Current behavior
Flagsmith's
CACHESconfiguration inapi/app/settings/common.pydoes not include aKEY_PREFIXfor any of the Redis-backed cache entries (environment_cache,environment_document_cache, etc.). Django'sBaseCache.make_keyproduces keys in the format{KEY_PREFIX}:{VERSION}:{key}— with an empty prefix, all keys start with:1:.Desired behavior
A new environment variable (e.g.,
CACHE_KEY_PREFIX) that setsKEY_PREFIXon all Redis-backed cache entries in theCACHESdict. Example:With
CACHE_KEY_PREFIX=flagsmith, keys becomeflagsmith:1:environment_document_xxx, which can be matched by Redis ACL~flagsmith:*.Use case
Our infrastructure runs a single Redis instance with per-service ACL users. Each service gets a dedicated user restricted to its own key namespace (
~<service>:*). This is a common pattern for shared Redis deployments where full isolation (separate Redis instances) is impractical.Without a configurable prefix, the Flagsmith Redis user must be granted
~*(all keys), breaking the isolation model.Additional context
CACHESframework natively supportsKEY_PREFIX— this is just about exposing it via env var