Skip to content

Use Event Topics

Caracal uses Redis Streams for propagation. Published modes sign stream messages with STREAMS_HMAC_KEY.

TopicProducersConsumers
caracal.audit.eventsAPI, STS, Gateway, Coordinator, ControlAudit audit-ingestor, SIEM exporters
caracal.audit.events.dlqAuditDLQ observers
caracal.policy.invalidateAPISTS policy loader
caracal.sessions.revokeAPI, CoordinatorSTS, Gateway, resource-server revocation consumers
caracal.keys.invalidateAPI, STSSTS key caches
caracal.agents.lifecycleCoordinatorCoordinator lifecycle relay job
caracal.invocations.lifecycleCoordinatorInvocation observers
caracal.delegations.invalidateCoordinatorDelegation observers
caracal.providers.ratelimitProvisioner/provider coordinationProvider rate-limit coordination
TopicGroups
caracal.audit.eventsaudit-ingestor, siem-export
caracal.audit.events.dlqaudit-dlq-observer
caracal.policy.invalidateopa-engine
caracal.sessions.revokests-revocation
caracal.keys.invalidatests-keys
caracal.agents.lifecyclecoordinator-relay
caracal.invocations.lifecycleinvocations-observer
caracal.delegations.invalidatedelegations-observer

Signed stream messages include the _sig field. Consumers in published modes must reject unsigned or mismatched messages for streams that require origin verification.