Azure Managed Redis (preview) offers two methods to authenticate to your cache instance: access keys and Microsoft Entra.
Although access key authentication is simple, it comes with a set of challenges around security and password management. For contrast, in this article, you learn how to use a Microsoft Entra token for cache authentication.
Azure Managed Redis offers a password-free authentication mechanism by integrating with Microsoft Entra. The Microsoft Entra identity configured to connect to Azure Managed Redis is assigned the same permissions as a client that uses access keys.
In this article, you learn how to use your service principal or managed identity to connect to your Redis instance.
Important
After a connection is established by using a Microsoft Entra token, client applications must periodically refresh the Microsoft Entra token before expiry. Then the apps must send an AUTH command to the Redis server to avoid disrupting connections. For more information, see Configure your Redis client to use Microsoft Entra.
1. In the Azure portal, select the Azure Managed Redis instance where you want to configure Microsoft Entra token-based authentication.
2. On the Resource menu, select Authentication.
3. On the working pane, select the Microsoft Entra Authentication tab.
4. Select Enable Microsoft Entra Authentication and choose the "User or service principal" or "Managed Identity" button. The user you enter is automatically assigned the same permissions as when using access keys when you choose Select. You can also enter a managed identity or service principal to connect to your AMR instance.
For information on how to use Microsoft Entra with the Azure CLI, see the reference pages for identity.
Using Microsoft Entra is the secure way to connect your cache. We recommend that you use Microsoft Entra and disable access keys.
When you disable access key authentication for a Redis instance, all existing client connections are terminated, whether they use access keys or Microsoft Entra authentication. Follow the recommended Redis client best practices to implement proper retry mechanisms for reconnecting Microsoft Entra-based connections, if any.
Before you disable access keys:
Microsoft Entra authentication must be enabled.
For geo-replicated caches, you must:
If you have a cache where you use access keys, and you want to disable access keys, follow this procedure:
1. In the Azure portal, select the Azure Managed Redis instance where you want to disable access keys.
2. On the Resource menu, select Authentication.
3. On the working pane, select Access keys.
4. Configure Access Keys Authentication to be disabled.
5. Confirm that you want to update your configuration by selecting Yes.
Important
When the Disable Access Keys Authentication setting is changed for a cache, all existing client connections, using access keys or Microsoft Entra, are terminated. Follow the best practices to implement proper retry mechanisms for reconnecting Microsoft Entra-based connections. For more information, see Connection resilience.
Because most Azure Managed Redis clients assume that a password and access key are used for authentication, you likely need to update your client workflow to support authentication by using Microsoft Entra. In this section, you learn how to configure your client applications to connect to Azure Managed Redis by using a Microsoft Entra token.
Configure your client application to acquire a Microsoft Entra token for scope https://redis.azure.com/.default or acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default by using the Microsoft Authentication Library (MSAL).
Update your Redis connection logic to use the following User and Password:
- User = Object ID of your managed identity or service principal
- Password = Microsoft Entra token that you acquired by using MSAL

Ensure that your client executes a Redis AUTH command automatically before your Microsoft Entra token expires by using:
- User = Object ID of your managed identity or service principal
- Password = Microsoft Entra token refreshed periodically

The library Microsoft.Azure.StackExchangeRedis is an extension of StackExchange.Redis that enables you to use Microsoft Entra to authenticate connections from a Redis client application to an Azure Managed Redis. The extension manages the authentication token, including proactively refreshing tokens before they expire to maintain persistent Redis connections over multiple days.
This code sample demonstrates how to use the Microsoft.Azure.StackExchangeRedis NuGet package to connect to your Azure Managed Redis instance by using Microsoft Entra.
The following table includes links to code samples. They demonstrate how to connect to your Azure Managed Redis instance by using a Microsoft Entra token. Various client libraries are included in multiple languages.
Client library | Language | Link to sample code |
---|---|---|
StackExchange.Redis | .NET | StackExchange.Redis code sample |
redis-py | Python | redis-py code sample |
Jedis | Java | Jedis code sample |
Lettuce | Java | Lettuce code sample |
Redisson | Java | Redisson code sample |
ioredis | Node.js | ioredis code sample |
node-redis | Node.js | node-redis code sample |
AUTH command periodically, consider adding a jitter so that the AUTH commands are staggered. In this way, your Redis server doesn't receive too many AUTH commands at the same time.
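The refresh-and-AUTH cycle and the jitter advice above, sketched as an added example (not Microsoft's sample code and not the Microsoft.Azure.StackExchangeRedis extension). The `get_token` and `send_auth` callables are hypothetical stand-ins for an MSAL token request and the Redis client's AUTH call, and the 300-second margin and 60-second jitter window are assumed values.

```python
import random
import time

SCOPE = "https://redis.azure.com/.default"  # token scope named in the article


def next_refresh_at(expires_on, now, margin=300.0, max_jitter=60.0, rng=random):
    """Epoch time at which to fetch a new token and re-send AUTH.

    margin and max_jitter are assumed values, not service requirements.
    """
    # Random offset so many clients do not all send AUTH at the same moment.
    jitter = rng.uniform(0.0, max_jitter)
    target = expires_on - margin - jitter
    if target <= now:
        # Token lifetime shorter than the margin: refresh at the halfway point.
        target = now + (expires_on - now) / 2.0
    return target


def authenticate(object_id, get_token, send_auth, now=None, **schedule):
    """Acquire a token, send AUTH <object_id> <token>, return next refresh time."""
    token, expires_on = get_token(SCOPE)
    now = time.time() if now is None else now
    if expires_on <= now:
        raise ValueError("token provider returned an already-expired token")
    send_auth(object_id, token)  # User = object ID, Password = Entra token
    return next_refresh_at(expires_on, now, **schedule)


def keep_authenticated(object_id, get_token, send_auth, stop, sleep=time.sleep):
    """Re-authenticate on the jittered schedule until stop() returns True."""
    while not stop():
        refresh_at = authenticate(object_id, get_token, send_auth)
        sleep(max(0.0, refresh_at - time.time()))


if __name__ == "__main__":
    # Constructed stand-ins: a real client would wrap MSAL and the Redis connection.
    def fake_get_token(scope):
        return ("constructed-token", time.time() + 3600.0)

    def fake_send_auth(user, password):
        print("AUTH", user, "<token of %d chars>" % len(password))

    oid = "00000000-0000-0000-0000-000000000000"  # placeholder object ID
    due = authenticate(oid, fake_get_token, fake_send_auth)
    print("next AUTH in %.0f s" % (due - time.time()))
```

Because the token is sent as the Redis password, log only its length or expiry, never the token itself.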