Profiles¶
Manage credentials for multiple Redis deployments.
Why Profiles?¶
Instead of juggling environment variables or passing credentials on every command, profiles let you:
- Store credentials for multiple environments (dev, staging, prod)
- Switch between Redis Cloud, Enterprise, and direct database connections
- Keep credentials secure with OS keyring integration
- Share configuration (without secrets) across teams
Profile Types¶
redisctl supports three profile types:
| Type | Use Case |
|---|---|
| Cloud | Redis Cloud API access (subscriptions, databases, etc.) |
| Enterprise | Redis Enterprise REST API access (cluster management) |
| Database | Direct Redis database connections |
Interactive Setup¶
The quickest way to create a profile is with the interactive wizard:
The wizard walks you through:
- Choosing a profile name
- Selecting the deployment type (Cloud, Enterprise, or Database)
- Entering credentials with guided prompts
- Optionally storing credentials in the OS keyring
This is the recommended approach for first-time setup. You can also use redisctl profile setup (alias).
Creating Profiles¶
Redis Cloud¶
You'll need an API key and secret from the Redis Cloud console under Access Management > API Keys.
redisctl profile set my-cloud --type cloud \
--api-key "your-api-key" \
--api-secret "your-secret-key"
Redis Enterprise¶
You'll need the cluster management URL (https://<host>:9443) and admin credentials from your Redis Enterprise admin console.
redisctl profile set my-enterprise --type enterprise \
--url "https://cluster.example.com:9443" \
--username "admin@cluster.local" \
--password "your-password"
Database (Direct Redis Connection)¶
For direct connections to Redis databases:
redisctl profile set my-cache --type database \
--host "redis-12345.cloud.redislabs.com" \
--port 12345 \
--password "your-password"
Database profiles support these options:
| Option | Description | Default |
|---|---|---|
--host |
Redis server hostname | (required) |
--port |
Redis server port | (required) |
--password |
Redis password | (none) |
--username |
Redis ACL username (Redis 6+) | default |
--no-tls |
Disable TLS | TLS enabled |
--db |
Redis database number | 0 |
Example for local development without TLS:
Using Profiles¶
Per-Command¶
# With explicit prefix
redisctl --profile prod cloud subscription list
redisctl --profile dev enterprise cluster get
# Prefix optional — profile type tells the CLI which platform
redisctl --profile prod subscription list
redisctl --profile dev cluster get
Default Profiles¶
Set defaults for each profile type:
# Set default Cloud profile
redisctl profile default-cloud prod-cloud
# Set default Enterprise profile
redisctl profile default-enterprise prod-cluster
# Set default Database profile
redisctl profile default-database my-cache
Now commands use the appropriate default automatically:
redisctl cloud subscription list # Uses prod-cloud
redisctl enterprise cluster get # Uses prod-cluster
Platform Inference¶
When your configuration makes the platform unambiguous, you can omit the cloud or enterprise prefix entirely. The CLI infers the correct platform from your profile.
How It Works¶
Cloud-only commands — never need a prefix:
subscription,account,payment-method,cloud-account,essentials,vpc-peering,transit-gateway,private-link
Enterprise-only commands — never need a prefix:
cluster,node,shard,module,logs,stats,support-package,debuginfo,diagnostics,endpoint,crdb,ldap,alert
Shared commands — inferred from your default profile:
database,user,acl,role
When You Still Need Prefixes¶
- Both cloud and enterprise profiles configured with no default — the CLI can't guess which you mean
- Scripts and automation — explicit prefixes make scripts config-independent
--profileflag — when overriding the default, the prefix is optional since the profile type is known
# Explicit for clarity in scripts
redisctl cloud database list --subscription-id 123
# --profile makes the platform clear, so prefix is optional
redisctl --profile prod-cluster database list
Override with Environment¶
Environment variables override profile settings:
# Profile says one thing, env var wins
export REDIS_CLOUD_API_KEY="override-key"
redisctl --profile prod cloud subscription list # Uses override-key
Tags¶
Organize profiles with tags when managing many deployments:
# Add tags when creating a profile
redisctl profile set prod-cloud --type cloud \
--api-key "$KEY" \
--api-secret "$SECRET" \
--tag prod --tag us-east
# Add tags to an existing profile
redisctl profile set prod-cloud --tag prod --tag us-east
Tags are repeatable -- pass --tag multiple times for multiple tags. When updating a profile, existing tags are preserved unless you provide new ones.
Filter by Tag¶
# Show only profiles tagged "prod"
redisctl profile list --tag prod
# Show profiles tagged "us-east" or "us-west" (matches any)
redisctl profile list --tag us-east --tag us-west
Managing Profiles¶
List All Profiles¶
Profiles:
Cloud:
* prod-cloud (default) [prod, us-east]
dev-cloud
Enterprise:
* prod-cluster (default) [prod]
staging-cluster [staging]
Database:
* my-cache (default)
local-redis
Show Profile Details¶
Delete a Profile¶
Validate Configuration¶
# Check profile config for errors
redisctl profile validate
# Also test actual API/database connectivity
redisctl profile validate --connect
Shell Prompt Integration¶
Display the active profile name in your shell prompt:
Example shell integration (bash/zsh):
# Add to .bashrc or .zshrc
redis_profile() {
local profile
profile=$(redisctl profile current --type cloud 2>/dev/null)
if [ -n "$profile" ]; then
echo " [redis:${profile}]"
fi
}
PS1='$(redis_profile)\$ '
The --type flag is required and accepts cloud, enterprise, or database. You can also use the alias redisctl profile active.
Secure Storage¶
Default is Plaintext
By default, credentials are stored in plaintext. Use one of the secure options below for sensitive environments.
Option 1: OS Keyring¶
Store credentials in macOS Keychain, Windows Credential Manager, or Linux Secret Service:
# Create profile with keyring storage
redisctl profile set prod --type cloud \
--api-key "$KEY" \
--api-secret "$SECRET" \
--use-keyring
The config file only stores a reference:
[profiles.prod]
deployment_type = "cloud"
api_key = "keyring:prod-api-key"
api_secret = "keyring:prod-api-secret"
Option 2: Environment References¶
Store references to environment variables:
redisctl profile set prod --type cloud \
--api-key '${REDIS_CLOUD_API_KEY}' \
--api-secret '${REDIS_CLOUD_SECRET_KEY}'
Variables are resolved at runtime. Great for CI/CD where secrets are injected.
Configuration File Location¶
| Platform | Path |
|---|---|
| Linux | ~/.config/redisctl/config.toml |
| macOS | ~/.config/redisctl/config.toml |
| Windows | %APPDATA%\redis\redisctl\config.toml |
Example Configuration¶
default_cloud = "prod-cloud"
default_enterprise = "prod-cluster"
default_database = "my-cache"
[profiles.prod-cloud]
deployment_type = "cloud"
api_key = "keyring:prod-api-key"
api_secret = "keyring:prod-api-secret"
tags = ["prod", "us-east"]
[profiles.prod-cluster]
deployment_type = "enterprise"
url = "https://prod-cluster:9443"
username = "admin@cluster.local"
password = "${PROD_PASSWORD}"
tags = ["prod"]
[profiles.dev-cluster]
deployment_type = "enterprise"
url = "https://dev-cluster:9443"
username = "admin@cluster.local"
password = "${DEV_PASSWORD}"
insecure = true
tags = ["dev"]
[profiles.my-cache]
deployment_type = "database"
host = "redis-12345.cloud.redislabs.com"
port = 12345
password = "keyring:my-cache-password"
tls = true
username = "default"
[profiles.local-redis]
deployment_type = "database"
host = "localhost"
port = 6379
tls = false