Profiles & Authentication
Profiles store connection details and credentials for your Redis deployments. You can have multiple profiles for different environments (dev, staging, production).
Quick Setup
Redis Cloud
# Using environment variables (simplest)
export REDIS_CLOUD_API_KEY="your-api-key"
export REDIS_CLOUD_SECRET_KEY="your-secret-key"
# Or create a profile
redisctl profile set cloud-prod \
--deployment-type cloud \
--api-key "your-api-key" \
--api-secret "your-secret-key"
Redis Enterprise
# Using environment variables
export REDIS_ENTERPRISE_URL="https://cluster.example.com:9443"
export REDIS_ENTERPRISE_USER="admin@cluster.local"
export REDIS_ENTERPRISE_PASSWORD="your-password"
export REDIS_ENTERPRISE_INSECURE="true" # for self-signed certs
# Or create a profile
redisctl profile set enterprise-prod \
--deployment-type enterprise \
--url "https://cluster.example.com:9443" \
--username "admin@cluster.local" \
--password "your-password" \
--insecure
Getting Credentials
Redis Cloud API Keys
- Log in to app.redislabs.com
- Click your name → Account Settings → API Keys
- Click "Add API Key" and give it a name
- Copy both the Account key and Secret (you won't see the secret again!)
Redis Enterprise Credentials
- URL:
https://cluster-fqdn:9443 - Username: Configured during setup (often
admin@cluster.local) - Password: Set during cluster bootstrap
Profile Management
# List all profiles
redisctl profile list
# Show profile details
redisctl profile get cloud-prod
# Set default profile
redisctl profile set-default cloud-prod
# Delete a profile
redisctl profile delete old-profile
# Use a specific profile
redisctl --profile cloud-prod cloud database list
Credential Storage Options
1. Environment Variables (CI/CD)
Best for automation and CI/CD pipelines:
# Cloud
export REDIS_CLOUD_API_KEY="..."
export REDIS_CLOUD_SECRET_KEY="..."
# Enterprise
export REDIS_ENTERPRISE_URL="..."
export REDIS_ENTERPRISE_USER="..."
export REDIS_ENTERPRISE_PASSWORD="..."
2. OS Keyring (Recommended for Local)
Store credentials securely in your operating system's keychain:
# Requires secure-storage feature
cargo install redisctl --features secure-storage
# Create profile with keyring storage
redisctl profile set production \
--deployment-type cloud \
--api-key "your-key" \
--api-secret "your-secret" \
--use-keyring
Your config file will contain references, not actual secrets:
[profiles.production]
deployment_type = "cloud"
api_key = "keyring:production-api-key"
api_secret = "keyring:production-api-secret"
3. Configuration File (Development Only)
For development, credentials can be stored in ~/.config/redisctl/config.toml:
default_profile = "dev"
[profiles.dev]
deployment_type = "cloud"
api_key = "your-api-key"
api_secret = "your-secret-key"
Warning: This stores credentials in plaintext. Use keyring or environment variables for production.
Configuration File Location
- Linux/macOS:
~/.config/redisctl/config.toml - Windows:
%APPDATA%\redis\redisctl\config.toml
Override Hierarchy
Settings are resolved in this order (later overrides earlier):
- Configuration file (profile settings)
- Environment variables
- Command-line flags
# Profile says cloud-prod, but CLI overrides
redisctl --profile cloud-prod --api-key "different-key" cloud database list
Security Best Practices
- Use OS keyring for local development
- Use environment variables for CI/CD
- Never commit credentials to version control
- Set file permissions:
chmod 600 ~/.config/redisctl/config.toml - Rotate credentials regularly
- Use read-only API keys when write access isn't needed
Troubleshooting
Authentication Failed
# Check what credentials are being used
redisctl profile get
# Enable debug logging
RUST_LOG=debug redisctl api cloud get /
Profile Not Found
# List available profiles
redisctl profile list
# Check config file exists
cat ~/.config/redisctl/config.toml
Certificate Errors (Enterprise)
For self-signed certificates:
# Via environment
export REDIS_ENTERPRISE_INSECURE="true"
# Or in profile
redisctl profile set myprofile --insecure