Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Redis Enterprise Credentials

Redis Enterprise deployments use REST API basic authentication:

deployments:
  - id: "ent-01"
    name: "production-enterprise"
    type: "enterprise"
    rest_api:
      host: "enterprise.example.com"
      port: 9443
      use_tls: true
      insecure: false # Set true for self-signed certificates
    credentials:
      rest_api:
        basic_auth: "admin@cluster.local:${ENTERPRISE_PASSWORD}"

Key points:

  • Authentication uses username:password format in the basic_auth field
  • Typically uses admin-level credentials for cluster API access
  • Supports self-signed certificates with insecure: true
  • Uses port 9443 for REST API access

Enterprise data access: create Data ACL, Role, and User

You can grant the collector read-only access in Redis Enterprise using either the REST API or the Admin UI.

Option A — REST API

  1. Create a Redis ACL (Data ACL)
curl -X POST "https://<your-cluster-host>:9443/v1/redis_acls" \
  -H "Content-Type: application/json" \
  -u "<admin-user>:<admin-password>" \
  -d '{
    "name": "radar-collector-acl",
    "acl": "+@read +info +ping +config|get +client|list +memory +latency"
  }'
  • Save the uid from the response (call it ACL_UID).
  1. Create a Role and then assign the ACL to each database you want monitored
# Create role
curl -X POST "https://<your-cluster-host>:9443/v1/roles" \
  -H "Content-Type: application/json" \
  -u "<admin-user>:<admin-password>" \
  -d '{
    "name": "radar-collector-role",
    "management": "cluster_member"
  }'

# Save the role uid from the response (ROLE_UID), then for each database:
# Replace <BDB_ID> with the database id/uid on your cluster
curl -X PUT "https://<your-cluster-host>:9443/v1/bdbs/<BDB_ID>" \
  -H "Content-Type: application/json" \
  -u "<admin-user>:<admin-password>" \
  -d '{
    "roles_permissions": [
      { "role_uid": ROLE_UID, "redis_acl_uid": ACL_UID }
    ]
  }'
  1. Create the collector user and assign the role
curl -X POST "https://<your-cluster-host>:9443/v1/users" \
  -H "Content-Type: application/json" \
  -u "<admin-user>:<admin-password>" \
  -d '{
    "email": "radar-collector@cluster.local",
    "password": "<secure-password>",
    "name": "radar-collector",
    "role_uids": [ ROLE_UID ]
  }'

Option B — Admin UI

  1. Create a new Redis ACL
  • Navigate: Access Control → Roles → Data ACLs → Add Redis ACL
  • Name: radar-collector-acl
  • ACL Rule: +@read +info +ping +config|get +client|list +memory +latency
  1. Create a role and assign the ACL to databases
  • Navigate: Access Control → Roles → Create Role
  • Name: radar-collector-role
  • Management: cluster_member
  • For each database to monitor: Database → Configuration → Security → Assign radar-collector-acl to radar-collector-role
  1. Create a user and give it the role
  • Navigate: Access Control → Users → Add User
  • Email: radar-collector@cluster.local
  • Password: <secure-password>
  • Name: radar-collector
  • Assign role: radar-collector-role

Using the created credentials

Use the created user credentials for Radar Enterprise collection:

# REST API basic auth in your collector configuration
credentials:
  rest_api:
    basic_auth: "radar-collector@cluster.local:<secure-password>"

Notes:

  • The Data ACL grants read-only access used by the collector to collect metrics.
  • Apply the role+ACL to every database you want the collector to monitor.
  • For clusters with self-signed certs, set use_tls: true and insecure: true in the Enterprise rest_api config.