{"id":9273,"library":"redis-entraid","title":"Redis Entra ID","description":"The `redis-entraid` Python package simplifies authentication with Azure Managed Redis and Azure Cache for Redis using Microsoft Entra ID (formerly Azure Active Directory). It handles fetching and renewing authentication tokens in the background, building on `redis-py`. The current version is 1.1.2, released on March 26, 2026. This library appears to have a regular release cadence with several updates in the past year.","status":"active","version":"1.1.2","language":"en","source_language":"en","source_url":"https://github.com/redis/redis-py-entraid","tags":["redis","azure","entra-id","authentication","managed-identity","azure-cache-for-redis","azure-managed-redis","redis-py"],"install":[{"cmd":"pip install redis-entraid","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core Redis client library that redis-entraid builds upon.","package":"redis","optional":false},{"reason":"Microsoft Authentication Library for Python, used for acquiring Entra ID tokens.","package":"msal","optional":false},{"reason":"Azure Identity client library, often used with DefaultAzureCredential for authentication.","package":"azure-identity","optional":false},{"reason":"Python library for JSON Web Token (JWT) handling.","package":"pyjwt","optional":false}],"imports":[{"note":"The core Redis client class from the `redis-py` library.","symbol":"Redis","correct":"from redis import Redis"},{"note":"Factory method to create a credential provider using Azure's DefaultAzureCredential.","symbol":"create_from_default_azure_credential","correct":"from redis_entraid.cred_provider import create_from_default_azure_credential"},{"note":"Used to instantiate a credential object that `redis-entraid` can leverage.","symbol":"DefaultAzureCredential","correct":"from azure.identity import DefaultAzureCredential"}],"quickstart":{"code":"import os\nfrom redis import Redis\nfrom azure.identity import DefaultAzureCredential\nfrom redis_entraid.cred_provider import create_from_default_azure_credential\n\n# --- Environment Variables (for DefaultAzureCredential to pick up) ---\n# Set these in your environment, e.g., in a .env file or directly:\n# os.environ['AZURE_TENANT_ID'] = 'YOUR_TENANT_ID'\n# os.environ['AZURE_CLIENT_ID'] = 'YOUR_CLIENT_ID'\n# os.environ['AZURE_CLIENT_SECRET'] = 'YOUR_CLIENT_SECRET'\n# OR ensure a Managed Identity is assigned to your application/VM.\n\n# --- Redis Connection Details ---\n# Your Azure Managed Redis or Azure Cache for Redis hostname and port\n# Default port for Azure Managed Redis is 10000, for Azure Cache for Redis it's 6380.\nREDIS_HOST = os.environ.get('REDIS_HOST', 'your_redis_cache_name.redis.cache.windows.net')\nREDIS_PORT = int(os.environ.get('REDIS_PORT', 10000)) \n\ndef connect_with_entra_id():\n    try:\n        # DefaultAzureCredential will attempt to authenticate via various methods\n        # including environment variables, managed identity, etc.\n        # Scopes are crucial for Entra ID authentication with Redis.\n        credential_provider = create_from_default_azure_credential(\n            (\"https://redis.azure.com/.default\",)\n        )\n        \n        # Azure enforces TLS for Entra ID authentication.\n        # decode_responses=True automatically decodes responses to Python strings.\n        r = Redis(\n            host=REDIS_HOST,\n            port=REDIS_PORT,\n            ssl=True,\n            decode_responses=True,\n            credential_provider=credential_provider\n        )\n\n        # Test the connection\n        if r.ping():\n            print(f\"Successfully connected to Redis at {REDIS_HOST}:{REDIS_PORT} with Entra ID.\")\n            r.set(\"mykey\", \"Hello from redis-entraid!\")\n            value = r.get(\"mykey\")\n            print(f\"Retrieved value: {value}\")\n        else:\n            print(\"Redis ping failed.\")\n\n    except Exception as e:\n        print(f\"An error occurred: {e}\")\n\nif __name__ == \"__main__\":\n    connect_with_entra_id()","lang":"python","description":"This quickstart demonstrates how to connect to an Azure Managed Redis or Azure Cache for Redis instance using Microsoft Entra ID authentication with `redis-entraid` and `DefaultAzureCredential`. Ensure you have configured environment variables for `DefaultAzureCredential` (e.g., `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`) or that your application runs with an assigned Managed Identity. Replace `your_redis_cache_name.redis.cache.windows.net` with your actual Redis endpoint and set the correct port (e.g., 10000 for Azure Managed Redis or 6380 for Azure Cache for Redis)."},"warnings":[{"fix":"Upgrade to Python 3.10+ if using `redis-entraid` >= 1.1.0. Otherwise, pin `redis-entraid==1.0.0` for Python 3.9 projects.","message":"Python 3.9 support was dropped in `redis-entraid` version 1.1.0. If you are using Python 3.9, you must use `redis-entraid` version 1.0.0 or downgrade your Python version.","severity":"breaking","affected_versions":"<1.1.0"},{"fix":"Always include `ssl=True` when initializing the `redis.Redis` client for Entra ID authenticated connections.","message":"Azure Redis with Entra ID authentication strictly requires TLS/SSL connections. Attempting to connect without `ssl=True` in the `redis.Redis` client configuration will result in connection errors.","severity":"gotcha","affected_versions":"All"},{"fix":"The `redis-entraid` library is designed to handle token renewal automatically. Ensure your environment allows the underlying credential provider (e.g., `DefaultAzureCredential`) to acquire new tokens. Monitor logs for token acquisition failures. In some legacy configurations, a temporary workaround might involve gracefully restarting connections before token expiration.","message":"Long-lived connections may fail after an Entra ID token expires (typically ~24 hours) if the token renewal mechanism is not properly configured or if there are underlying issues preventing automatic refresh. This can manifest as `ERR WRONGPASS`.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"This error indicates a failure in the automatic token renewal. Verify that the `azure-identity` (or other underlying identity provider) configuration is correct and has the necessary permissions to refresh tokens. Check application logs for messages related to token acquisition failures.","cause":"The Entra ID authentication token used by the Redis connection has expired and was not successfully renewed.","error":"ERR WRONGPASS invalid username-password pair"},{"fix":"Ensure `ssl=True` is passed to the `redis.Redis` constructor. Double-check the `host` and `port` values for your Azure Redis instance. Confirm network access from your application to the Redis endpoint.","cause":"The Redis client attempted to connect without TLS/SSL, or the hostname/port is incorrect, or network connectivity issues.","error":"redis.exceptions.ConnectionError: [Errno 111] Connection refused"},{"fix":"Review your Azure Entra ID application registration, service principal, or managed identity configuration. Ensure the client ID, tenant ID, and client secret (if applicable) are correct and that the identity has permissions to access the Redis cache. Verify network access to `login.microsoftonline.com` or your specific Azure AD authority.","cause":"The `azure-identity` library or the underlying MSAL client could not successfully obtain an Entra ID token, possibly due to incorrect credentials, insufficient permissions for the service principal/managed identity, or network issues contacting Azure AD endpoints.","error":"An error occurred: Failed to acquire token! Identity provider request failed! Failed to acquire token! (or similar messages involving 'TokenRequestException')"}]}