From b3edf21d21947ae716b81084f5d0261eafe62a16 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Wed, 1 Apr 2026 20:17:37 -0300
Subject: [PATCH] fix: init_redis fetches cache password from Vault (fixes
 connection timeout)

- Root cause: init_redis() used redis://localhost:6379 without password
- Valkey requires authentication, causing connection timeouts
- Fix: use get_cache_config() from SecretsManager to build URL with password
- Falls back to env vars (CACHE_URL/REDIS_URL/VALKEY_URL) if set
---
 src/main_module/bootstrap.rs | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/main_module/bootstrap.rs b/src/main_module/bootstrap.rs
index 3df7540e..35d21e15 100644
--- a/src/main_module/bootstrap.rs
+++ b/src/main_module/bootstrap.rs
@@ -284,10 +284,25 @@ pub async fn load_config(
 /// Initialize Redis/Valkey cache with retry logic
 #[cfg(feature = "cache")]
 pub async fn init_redis() -> Option<Arc<redis::Client>> {
+    // Try environment variables first
     let cache_url = std::env::var("CACHE_URL")
         .or_else(|_| std::env::var("REDIS_URL"))
         .or_else(|_| std::env::var("VALKEY_URL"))
-        .unwrap_or_else(|_| "redis://localhost:6379".to_string());
+        .ok();
+
+    // If no env var, try to get credentials from Vault
+    let cache_url = if let Some(url) = cache_url {
+        url
+    } else if let Some(secrets) = crate::core::shared::utils::get_secrets_manager().await {
+        let (host, port, password) = secrets.get_cache_config();
+        if let Some(pass) = password {
+            format!("redis://:{}@{}:{}", pass, host, port)
+        } else {
+            format!("redis://{}:{}", host, port)
+        }
+    } else {
+        "redis://localhost:6379".to_string()
+    };
 
     info!("Attempting to connect to cache at: {}", cache_url);