Redis

mail_intake.credentials.redis

Redis-backed credential persistence for Mail Intake.

This module provides a Redis-based implementation of the CredentialStore abstraction, enabling credential persistence across distributed and horizontally scaled deployments.

The Redis credential store is designed for environments where authentication credentials must be shared safely across multiple processes, containers, or nodes, such as container orchestration platforms and microservice architectures.

Key characteristics: - Distributed-safe, shared storage using Redis - Explicit, caller-defined serialization and deserialization - No reliance on unsafe mechanisms such as pickle - Optional time-to-live (TTL) support for automatic credential expiry

This module is responsible solely for persistence concerns. Credential validation, refresh, rotation, and acquisition remain the responsibility of authentication provider implementations.

RedisCredentialStore

RedisCredentialStore(redis_client: Any, key: str, serialize: Callable[[T], bytes], deserialize: Callable[[bytes], T], ttl_seconds: Optional[int] = None)

Bases: CredentialStore[T]

Redis-backed implementation of CredentialStore.

This store persists credentials in Redis and is suitable for distributed and horizontally scaled deployments where credentials must be shared across multiple processes or nodes.

The store is intentionally generic and delegates all serialization concerns to caller-provided functions. This avoids unsafe mechanisms such as pickle and allows credential formats to be explicitly controlled and audited.

This class is responsible only for persistence and retrieval. It does not interpret, validate, refresh, or otherwise manage the lifecycle of the credentials being stored.

Initialize a Redis-backed credential store.

Parameters:

Name	Type	Description	Default
`redis_client`	`Any`	An initialized Redis client instance (for example, `redis.Redis` or a compatible interface) used to communicate with the Redis server.	required
`key`	`str`	The Redis key under which credentials are stored. Callers are responsible for applying appropriate namespacing to avoid collisions.	required
`serialize`	`Callable[[T], bytes]`	A callable that converts a credential object of type `T` into a `bytes` representation suitable for storage in Redis.	required
`deserialize`	`Callable[[bytes], T]`	A callable that converts a `bytes` payload retrieved from Redis back into a credential object of type `T`.	required
`ttl_seconds`	`Optional[int]`	Optional time-to-live (TTL) for the stored credentials, expressed in seconds. When provided, Redis will automatically expire the stored credentials after the specified duration. If `None`, credentials are stored without an expiration.	`None`

clear

clear() -> None

Remove stored credentials from Redis.

This operation deletes the configured Redis key if it exists. Implementations should treat this method as idempotent.

load

load() -> Optional[T]

Load credentials from Redis.

If no value exists for the configured key, or if the stored payload cannot be successfully deserialized, this method returns None.

The store does not attempt to validate the returned credentials or determine whether they are expired or otherwise usable.

Returns:

Type	Description
`Optional[T]`	An instance of type `T` if credentials are present and
`Optional[T]`	successfully deserialized; otherwise `None`.

save

save(credentials: T) -> None

Persist credentials to Redis.

Any previously stored credentials under the same key are overwritten. If a TTL is configured, the credentials will expire automatically after the specified duration.

Parameters:

Name	Type	Description	Default
`credentials`	`T`	The credential object to persist.	required