Profiles¶
Manage credentials for multiple Redis deployments.
Why Profiles?¶
Instead of juggling environment variables or passing credentials on every command, profiles let you:
- Store credentials for multiple environments (dev, staging, prod)
- Switch between Redis Cloud, Enterprise, and direct database connections
- Keep credentials secure with OS keyring integration
- Share configuration (without secrets) across teams
Profile Types¶
redisctl supports three profile types:
| Type | Use Case |
|---|---|
| Cloud | Redis Cloud API access (subscriptions, databases, etc.) |
| Enterprise | Redis Enterprise REST API access (cluster management) |
| Database | Direct Redis database connections |
Creating Profiles¶
Redis Cloud¶
redisctl profile set my-cloud --type cloud \
--api-key "your-api-key" \
--api-secret "your-secret-key"
Redis Enterprise¶
redisctl profile set my-enterprise --type enterprise \
--url "https://cluster.example.com:9443" \
--username "admin@cluster.local" \
--password "your-password"
Database (Direct Redis Connection)¶
For direct connections to Redis databases:
redisctl profile set my-cache --type database \
--host "redis-12345.cloud.redislabs.com" \
--port 12345 \
--password "your-password"
Database profiles support these options:
| Option | Description | Default |
|---|---|---|
--host |
Redis server hostname | (required) |
--port |
Redis server port | (required) |
--password |
Redis password | (none) |
--username |
Redis ACL username (Redis 6+) | default |
--no-tls |
Disable TLS | TLS enabled |
--db |
Redis database number | 0 |
Example for local development without TLS:
Using Profiles¶
Per-Command¶
# With explicit prefix
redisctl --profile prod cloud subscription list
redisctl --profile dev enterprise cluster get
# Prefix optional — profile type tells the CLI which platform
redisctl --profile prod subscription list
redisctl --profile dev cluster get
Default Profiles¶
Set defaults for each profile type:
# Set default Cloud profile
redisctl profile default-cloud prod-cloud
# Set default Enterprise profile
redisctl profile default-enterprise prod-cluster
# Set default Database profile
redisctl profile default-database my-cache
Now commands use the appropriate default automatically:
redisctl cloud subscription list # Uses prod-cloud
redisctl enterprise cluster get # Uses prod-cluster
Platform Inference¶
When your configuration makes the platform unambiguous, you can omit the cloud or enterprise prefix entirely. The CLI infers the correct platform from your profile.
How It Works¶
Cloud-only commands — never need a prefix:
subscription,account,payment-method,cloud-account,essentials,vpc-peering,transit-gateway,private-link
Enterprise-only commands — never need a prefix:
cluster,node,shard,module,logs,stats,support-package,debuginfo,diagnostics,endpoint,crdb,ldap,alert
Shared commands — inferred from your default profile:
database,user,acl,role
When You Still Need Prefixes¶
- Both cloud and enterprise profiles configured with no default — the CLI can't guess which you mean
- Scripts and automation — explicit prefixes make scripts config-independent
--profileflag — when overriding the default, the prefix is optional since the profile type is known
# Explicit for clarity in scripts
redisctl cloud database list --subscription-id 123
# --profile makes the platform clear, so prefix is optional
redisctl --profile prod-cluster database list
Override with Environment¶
Environment variables override profile settings:
# Profile says one thing, env var wins
export REDIS_CLOUD_API_KEY="override-key"
redisctl --profile prod cloud subscription list # Uses override-key
Managing Profiles¶
List All Profiles¶
Profiles:
Cloud:
* prod-cloud (default)
dev-cloud
Enterprise:
* prod-cluster (default)
staging-cluster
Database:
* my-cache (default)
local-redis
Show Profile Details¶
Delete a Profile¶
Validate Configuration¶
Secure Storage¶
Default is Plaintext
By default, credentials are stored in plaintext. Use one of the secure options below for sensitive environments.
Option 1: OS Keyring¶
Store credentials in macOS Keychain, Windows Credential Manager, or Linux Secret Service:
# Create profile with keyring storage
redisctl profile set prod --type cloud \
--api-key "$KEY" \
--api-secret "$SECRET" \
--use-keyring
The config file only stores a reference:
[profiles.prod]
deployment_type = "cloud"
api_key = "keyring:prod-api-key"
api_secret = "keyring:prod-api-secret"
Option 2: Environment References¶
Store references to environment variables:
redisctl profile set prod --type cloud \
--api-key '${REDIS_CLOUD_API_KEY}' \
--api-secret '${REDIS_CLOUD_SECRET_KEY}'
Variables are resolved at runtime. Great for CI/CD where secrets are injected.
Configuration File Location¶
| Platform | Path |
|---|---|
| Linux | ~/.config/redisctl/config.toml |
| macOS | ~/.config/redisctl/config.toml |
| Windows | %APPDATA%\redis\redisctl\config.toml |
Example Configuration¶
default_cloud = "prod-cloud"
default_enterprise = "prod-cluster"
default_database = "my-cache"
[profiles.prod-cloud]
deployment_type = "cloud"
api_key = "keyring:prod-api-key"
api_secret = "keyring:prod-api-secret"
[profiles.prod-cluster]
deployment_type = "enterprise"
url = "https://prod-cluster:9443"
username = "admin@cluster.local"
password = "${PROD_PASSWORD}"
[profiles.dev-cluster]
deployment_type = "enterprise"
url = "https://dev-cluster:9443"
username = "admin@cluster.local"
password = "${DEV_PASSWORD}"
insecure = true
[profiles.my-cache]
deployment_type = "database"
host = "redis-12345.cloud.redislabs.com"
port = 12345
password = "keyring:my-cache-password"
tls = true
username = "default"
[profiles.local-redis]
deployment_type = "database"
host = "localhost"
port = 6379
tls = false