diff --git a/CHANGELOG.md b/CHANGELOG.md
index 644ecd83..bf3fc79e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Fix `ServiceIntegration` deletion when instance has no id set
 - Change `Kafka` field `userConfig.kafka_version`: enum ~~`[3.4, 3.5, 3.6]`~~ → `[3.4, 3.5, 3.6, 3.7]`
 - Add `ServiceIntegration` `flink_external_postgresql` type
+- Remove `REDIS_CA_CERT` secret key. Can't be used with the service type
 
 ## v0.19.0 - 2024-04-18
 
diff --git a/controllers/generic_service_handler.go b/controllers/generic_service_handler.go
index 785bc6af..52735268 100644
--- a/controllers/generic_service_handler.go
+++ b/controllers/generic_service_handler.go
@@ -193,6 +193,12 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG
 			return secret, err
 		}
 
+		// Redis shouldn't expose CA_CERT
+		// It can't be used to connect to redis
+		if o.getServiceType() == "redis" {
+			return secret, nil
+		}
+
 		cert, err := avnGen.ProjectKmsGetCA(ctx, spec.Project)
 		if err != nil {
 			return nil, fmt.Errorf("cannot retrieve project CA certificate: %w", err)
diff --git a/tests/redis_test.go b/tests/redis_test.go
index a3af0b1b..578b11d6 100644
--- a/tests/redis_test.go
+++ b/tests/redis_test.go
@@ -107,5 +107,4 @@ func TestRedis(t *testing.T) {
 	assert.NotEmpty(t, secret.Data["REDIS_PORT"])
 	assert.NotEmpty(t, secret.Data["REDIS_USER"])
 	assert.NotEmpty(t, secret.Data["REDIS_PASSWORD"])
-	assert.NotEmpty(t, secret.Data["REDIS_CA_CERT"])
 }