{
  "id": "database_config",
  "title": "CRDB database config object",
  "url": "https://redis.io/docs/latest/operate/rs/references/rest-api/objects/crdb/database_config/",
  "summary": "An object that represents the database configuration",
  "tags": [
    "docs",
    "operate",
    "rs"
  ],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "page_type": "content",
  "content_hash": "62353ce83f45b79cefbb608b0ccd8db54309f1f04b8efb8045de908468ecf85e",
  "sections": [
    {
      "id": "content",
      "title": "Content",
      "role": "content",
      "text": "An object that represents the database configuration. This configuration object is used in two contexts within CRDB objects:\n\n- As `default_db_config` in the main [CRDB object]() for settings that apply to all instances. In most cases, instances should use the same configuration.\n\n- As `db_config` in individual [instance objects]() to override `default_db_config` or add configuration values for specific instances. Use `db_config` only when an instance needs different settings than the default configuration.\n\n| Name | Type/Value | Description |\n|------|------------|-------------|\n| aof_policy | **'appendfsync-every-sec'** <br />'appendfsync-always' | Policy for Append-Only File data persistence |\n| <span class=\"break-all\">authentication_admin_pass</span> | string | Administrative databases access token |\n| <span class=\"break-all\">authentication_redis_pass</span> | string | Redis AUTH password (deprecated as of Redis Software v7.2, replaced with multiple passwords feature in version 6.0.X) |\n| bigstore | boolean (default: false) | Database driver is Auto Tiering |\n| bigstore_ram_size | integer (default: 0) | Memory size of RAM size |\n| cert | string | Optional PEM-encoded server certificate for the underlying database instance |\n| data_persistence | 'disabled'<br />'snapshot'<br />**'aof'** | Database on-disk persistence policy. For snapshot persistence, a [snapshot_policy]() must be provided |\n| <span class=\"break-all\">enforce_client_authentication</span> | **'enabled'** <br />'disabled' | Require authentication of client certificates for SSL connections to the database. If enabled, a certificate should be provided in either <span class=\"break-all\">`authentication_ssl_client_certs`</span> or <span class=\"break-all\">`authentication_ssl_crdt_certs`</span> |\n| <span class=\"break-all\">authentication_ssl_client_certs</span> | array | List of authorized client certificates. For Active-Active databases, it is strongly advised to configure the client certificates individually for each instance instead of using the default database configuration, even if the same certificate is used across all instances.<br />[{<br />  \"client_cert\": string<br />}, ...]<br />**client_cert**: X.509 PEM (Base64) encoded certificate |\n| <span class=\"break-all\">mtls_allow_outdated_certs</span> | boolean (default: false) | An optional mTLS relaxation flag for certs verification |\n| <span class=\"break-all\">mtls_allow_weak_hashing</span> | boolean (default: false) | An optional mTLS relaxation flag for certs verification |\n| max_aof_file_size | integer | Maximum AOF file size in bytes |\n| max_aof_load_time | integer (default: 3600) | Maximum AOF reload time in seconds |\n| memory_size | integer (default: 0) | Database memory size limit in bytes. 0 is unlimited. |\n| module_list | array of module objects | List of modules to be loaded to all participating clusters of the Active-Active database<br />[{<br />  \"module_id\": string,<br />  \"module_args\": string,<br />  \"module_name\": string,<br />  \"semantic_version\": string,<br />}, ...]<br />**module_id**: Module UID (deprecated; use `module_name` instead)<br />**module_args**: Module command-line arguments (pattern does not allow special characters &,\\<,>,\")<br />**module_name**: Module's name<br />**semantic_version**: Module's semantic version (deprecated; use `module_args` instead)<br /><br />**module_id** and **semantic_version** are optional as of Redis Software v7.4.2 and deprecated as of v7.8.2. |\n| oss_cluster | boolean (default: false) | Enables OSS Cluster mode |\n| <span class=\"break-all\">oss_cluster_api_preferred_ip_type</span> | 'internal'<br />'external' | Indicates preferred IP type in OSS cluster API |\n| oss_sharding | boolean (default: false) | An alternative to `shard_key_regex` for using the common case of the OSS shard hashing policy |\n| port | integer | TCP port for database access |\n| private_key | string | Optional PEM-encoded private key matching the certificate for the underlying database instance |\n| proxy_policy | 'single'<br />'all-master-shards'<br />'all-nodes' | The policy used for proxy binding to the endpoint |\n| rack_aware | boolean (default: false) | Require the database to be always replicated across multiple racks |\n| replication | boolean (default: true) | Database replication |\n| sharding | boolean (default:&nbsp;false) | Cluster mode (server-side sharding). When true, shard hashing rules must be provided by either `oss_sharding` or `shard_key_regex` |\n| shard_key_regex | `[{ \"regex\": string }, ...]` | Custom keyname-based sharding rules (required if sharding is enabled)<br /><br />To use the default rules you should set the value to:<br />`[{\"regex\": \".*\\\\{(?<tag>.*)\\\\}.*\"}, {\"regex\": \"(?<tag>.*)\"}]` |\n| shards_count | integer (range: 1-512) (default: 1) | Number of database shards |\n| shards_placement | 'dense'<br />'sparse' | Control the density of shards<br />Values:<br />**'dense'**: Shards reside on as few nodes as possible <br /> **'sparse'**: Shards reside on as many nodes as possible |\n| snapshot_policy | array of [snapshot_policy]() objects | Policy for snapshot-based data persistence. A dataset snapshot will be taken every N secs if there are at least M writes changes in the dataset. |\n| tls_mode | 'enabled'<br /> **'disabled'** <br />'replica_ssl' | Encrypt communication |"
    }
  ],
  "examples": []
}