Valkey 9.1 grows up: "It's a database," says key maintainer

Valkey security capabilities 

Now upping its game Valkey’s security capabilities include numbered database-level access control.

Valkey enables stronger multi-tenant solution isolation and more granular security policies by allowing administrators to restrict which commands a user may execute with per-database granularity. 

Previously, ACL rules (Access Control List rules are security filters that define permissions, allowing or denying specific traffic or user actions based on defined criteria and identities) could control which commands a user could execute and which keys they could access, but that access applied to any database. With database-level ACLs, administrators and operators can now scope user permissions to specific databases.

Lua moved to a module

Valkey 9.1 moves the Lua scripting engine into its own module, decoupling it from the core server. 

The Lua scripting engine is a lightweight, embeddable interpreter that executes Lua code within a host application to provide flexible, high-performance customisation and automated logic.

By extracting Lua into a module, Valkey reduces its security surface area and gives operators the option to disable Lua entirely if it is not required. To make it easier to understand which scripting engines are loaded, the INFO command has a new reply section named Scripting Engines.

TLS improvements

Valkey now displays TLS certificate (A TLS certificate is a digital file that authenticates a website’s identity and enables encrypted communication between a server and a client via the SSL/TLS protocol) expiration dates via the INFO command, making it easier to detect and avoid outages caused by expired TLS certificates. 9.1 also includes automatic background reloading of TLS certificates to enable rotation without downtime and support for TLS authentication using certificate Subject Alternate Name (SAN) URIs for easier mTLS integration.

New observability features in Valkey 9.1.0 make it easier to understand how a server is performing:

• Main and I/O Thread Usage Metrics: CPU usage metrics alone don’t provide enough insight into how loaded a Valkey server is, as the main thread and I/O threads will wait for work in a busy loop that can appear as near 100% CPU utilization, even if the threads are relatively idle. New cumulative metrics for main and I/O thread usage make it easier to monitor your server’s true load and tune accordingly.
• JSON Logging: Valkey can now emit server logs in JSON format with the log-format json configuration directive, making logs natively parseable by observability tools without custom parsing patterns.

Valkey 9.1.0 pushes single server throughput to 2.1 million requests per second using 512-byte payloads, 9 IO threads, and a pipeline depth of 10 commands. You can explore the full results and compare across versions on the Valkey Performance Dashboards.

Performance enhancements

Notable performance enhancements in 9.1.0 include:

New IO threading model: A redesign of the IO threading communication model improves throughput by up to 17% for a variety of workload types.

Faster Stream Operations: The XRANGE and XREVRANGE commands are up to 30% faster thanks to stream range hot path optimisations.

Higher throughput GETs: Raising the string embedding size threshold delivers up to 30% higher throughput for string GET commands.

Faster Sorted Set Queries: Improvements to skiplist query processing makes sorted set operations like ZRANGEBYSCORE and ZRANGEBYLEX faster. Cached COMMAND responses: COMMAND responses are now cached. This may reduce connection establishment time for some clients which use this command as part of client initialisation. Enable Hardware Clock by default: Valkey now enables hardware clock use by default, reducing the overhead of time-related system calls and improving GET and SET performance by up to 3% overall.

Efficient, faster internal operations

We can also highlight the fat that 9.1.0 continues Valkey’s focus on memory efficiency and faster internal operations. Reduced Memory Usage for Strings: Internal pointer optimisations bring up to a 20% memory reduction for strings under 128 bytes, delivering significant memory usage reduction for common use cases that store many small string values. Reduced Memory Usage for Sorted Sets: Skiplist optimisations reduce sorted set memory usage by up to 10%.

Improved Rehashing Performance: Valkey 9.1.0 optimises internal hash table rehashing (often triggered by keyspace growth) to reduce latency impact during rehashing operations. Faster Bulk Delete Operations: Valkey now pauses internal hash table resizing during bulk delete operations like SREM, ZREM, and HDEL to avoid unnecessary rehashing operations and improve bulk deletion performance.

More Efficient Replica Creation: Replica creation with AOF enabled now reuses the received RDB file instead of generating a new snapshot for the initial AOF base file.

New commands

The new HGETDEL command atomically retrieves and deletes one or more fields from a hash. This is useful for queue-like patterns where a developer needs to consume and remove data in a single operation, eliminating the need to use a transaction with HGET followed by an HDEL.

The new MSETEX command allows you to set multiple keys with a shared expiration time in a single command. Previously, setting multiple keys with the same TTL required either multiple SETEX calls or a pipeline of SET and EXPIRE commands. MSETEX simplifies this common pattern and reduces round-trip

Tooling improvements in 9.1.0 include the below…

CLI Support for Atomic Slot Migration: The Valkey CLI tool now supports atomic slot migration by providing the –cluster-use-atomic-slot-migration parameter when performing – cluster rebalance and –cluster reshard operations.

Benchmark Improvements are also here: The valkey-benchmark tool now includes RPS distribution in the output and new –warmup and –duration parameters, giving users more control over benchmarking runs and more detailed performance analysis.