| categories | description | linkTitle | title | weight | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Learn how to authenticate to an Azure Managed Redis (AMR) database |
Connect to AMR |
Connect to Azure Managed Redis |
2 |
The redis-entra-id package
lets you authenticate your app to
Azure Managed Redis (AMR)
using Microsoft Entra ID.
You can authenticate using a system-assigned or user-assigned
managed identity
or a service principal,
letting redis-entra-id fetch and renew the authentication tokens for you automatically.
Install [redis-py]({{< relref "/develop/clients/redis-py#install" >}}) first,
if you have not already done so. Then, install redis-entra-id with the
following command:
pip install redis-entra-idA CredentialProvider object obtains the authentication credentials you
need when you connect to Redis. See the sections below to learn how
to create the CredentialProvider instances for AMR
using the factory functions that redis-entra-id provides.
Use the create_from_service_principal() factory function to create a
CredentialProvider that authenticates to AMR using a
service principal (see the
Microsoft documentation to learn more about service principals).
You will need the following details of your service principal to make the connection:
- Client ID
- Client secret
- Tenant ID
The example below shows how to import the required modules and call
create_from_service_principal():
from redis import Redis
from redis_entraid.cred_provider import *
credential_provider = create_from_service_principal(
<CLIENT_ID>,
<CLIENT_SECRET>,
<TENANT_ID>
)This uses a default configuration but you can also provide a custom
configuration using the token_manager_config parameter:
credential_provider = create_from_service_principal(
<CLIENT_ID>,
<CLIENT_SECRET>,
<TENANT_ID>,
token_manager_config=TokenManagerConfig(
expiration_refresh_ratio=0.9,
lower_refresh_bound_millis=DEFAULT_LOWER_REFRESH_BOUND_MILLIS,
token_request_execution_timeout_in_ms=DEFAULT_TOKEN_REQUEST_EXECUTION_TIMEOUT_IN_MS,
retry_policy=RetryPolicy(
max_attempts=5,
delay_in_ms=50
)
)
)Use the create_from_managed_identity() factory function to create a
CredentialProvider that authenticates to AMR using a
managed identity (see the
Microsoft documentation to learn more about managed identities).
The example below shows how to import the required modules and call
create_from_managed_identity().
Pass ManagedIdentityType.USER_ASSIGNED or ManagedIdentityType.SYSTEM_ASSIGNED
as the identity_type parameter.
from redis import Redis
from redis_entraid.cred_provider import *
credential_provider = create_from_managed_identity(
identity_type=ManagedIdentityType.SYSTEM_ASSIGNED,
)This uses a default configuration but you can also provide a custom
configuration using the token_manager_config parameter:
credential_provider = create_from_managed_identity(
identity_type=ManagedIdentityType.SYSTEM_ASSIGNED,
...
token_manager_config=TokenManagerConfig(
expiration_refresh_ratio=0.9,
lower_refresh_bound_millis=DEFAULT_LOWER_REFRESH_BOUND_MILLIS,
token_request_execution_timeout_in_ms=DEFAULT_TOKEN_REQUEST_EXECUTION_TIMEOUT_IN_MS,
retry_policy=RetryPolicy(
max_attempts=5,
delay_in_ms=50
)
)
)When you have created your CredentialProvider instance, you are ready to
connect to AMR.
The example below shows how to pass the instance as a parameter to the standard
Redis() connection method.
{{< note >}} Azure requires you to use
Transport Layer Security (TLS)
when you connect (see
[Connect with TLS]({{< relref "/develop/clients/redis-py/connect#connect-to-your-production-redis-with-tls" >}}) for more information).
{{< /note >}}
r = Redis(
host=<HOST>, port=<PORT>,
credential_provider=credential_provider,
ssl=True,
ssl_certfile="./redis_user.crt",
ssl_keyfile="./redis_user_private.key",
ssl_ca_certs="./redis_ca.pem"
)
// Test the connection.
print("The database size is: {}".format(client.dbsize()))