{ "id": "amr", "title": "Connect to Azure Managed Redis", "url": "https://redis.io/docs/latest/develop/clients/rust/amr/", "summary": "Learn how to authenticate to an Azure Managed Redis (AMR) database", "tags": [ "docs", "develop", "stack", "oss", "rs", "rc", "oss", "kubernetes", "clients" ], "last_updated": "2026-04-01T08:10:08-05:00", "page_type": "content", "content_hash": "1b9a88bc5aebe12d14d249bd84b728c97cc4050ab7c2db2ed4c541e05f60d11f", "sections": [ { "id": "overview", "title": "Overview", "role": "overview", "text": "The `entra-id` feature lets you authenticate your app to\n[Azure Managed Redis (AMR)](https://azure.microsoft.com/en-us/products/managed-redis)\nusing [Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/).\nYou can authenticate using a system-assigned or user-assigned\n[managed identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)\nor a [service principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals),\nletting the `redis-rs` connection fetch and renew the authentication tokens for you automatically." }, { "id": "install", "title": "Install", "role": "setup", "text": "Add the `entra-id` feature to your `Cargo.toml` file:\n\n[code example]" }, { "id": "create-a-entraidcredentialsprovider-instance", "title": "Create a `EntraIdCredentialsProvider` instance", "role": "content", "text": "A `EntraIdCredentialsProvider` object obtains the authentication credentials you\nneed when you connect to Redis. See the sections below to learn how\nto create the `EntraIdCredentialsProvider` instances for AMR\nusing the factory methods that the class provides." }, { "id": "entraidcredentialsprovider-for-a-service-principal", "title": "`EntraIdCredentialsProvider` for a service principal", "role": "content", "text": "Use the `new_client_secret()` factory method to create a\n`EntraIdCredentialsProvider` that authenticates to AMR using a\nservice principal (see the\n[Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals) to learn more about service principals).\n\nYou will need the following details of your service principal to make the connection:\n\n- Client ID\n- Client secret\n- Tenant ID\n\nThe example below shows how to import the required modules and call\n`new_client_secret()`:\n\n[code example]\n\nFor extra security, you can also supply a certificate:\n\n[code example]" }, { "id": "entraidcredentialsprovider-for-a-managed-identity", "title": "`EntraIdCredentialsProvider` for a managed identity", "role": "content", "text": "`EntraIdCredentialsProvider` provides two factory methods that authenticate to AMR using a\nmanaged identity:\n\n- `new_system_assigned_managed_identity()` for system-assigned managed identities\n- `new_user_assigned_managed_identity()` for user-assigned managed identities\n\nSee the\n[Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) to learn more about managed identities.\n\nThe example below shows how to import the required modules and call both methods for\nAzure-hosted applications:\n\n[code example]\n\nYou can also create a user-assigned managed identity with custom scopes and\nidentity specification:\n\n[code example]" }, { "id": "advanced-configuration", "title": "Advanced configuration", "role": "content", "text": "The examples above use the default `RetryConfig` when starting the provider.\nHowever, the `RetryConfig` class provides configuration methods that let you customise\nthe way the the provider retries token requests:\n\n[code example]\n\n`RetryConfig` provides the following configuration methods:\n\n| Method | Description |\n| --- | --- |\n| `set_number_of_retries()` | The maximum number of times to retry a token request before aborting. |\n| `set_min_delay()` | Minimum time to wait before retrying a token request after a failed attempt. This provides a mechanism to request throttling to prevent an excessive number of token requests. |\n| `set_max_delay()` | Maximum time to wait before retrying a token request after a failed attempt. |\n| `set_exponent_base()` | An `f64` value representing the fraction of a token's lifetime that should elapse before attempting to refresh it. For example, a value of 0.75 means that you want to refresh the token after 75% of its lifetime has passed. |" }, { "id": "connect", "title": "Connect", "role": "content", "text": "When you have created your `EntraIdCredentialsProvider` instance, you are ready to\nconnect to AMR. Create a connection configuration with the credentials provider and\nuse it to create a connection, as shown in the example below.\n\n[code example]" } ], "examples": [ { "id": "install-ex0", "language": "toml", "code": "[dependencies]\nredis = { version = \"1.0.4\", features = [\"entra-id\"] }", "section_id": "install" }, { "id": "entraidcredentialsprovider-for-a-service-principal-ex0", "language": "rust", "code": "use redis::{EntraIdCredentialsProvider, RetryConfig, RedisResult};\n\nfn example() -> RedisResult<()> {\n let mut provider = EntraIdCredentialsProvider::new_client_secret(\n \"your-tenant-id\".to_string(),\n \"your-client-id\".to_string(),\n \"your-client-secret\".to_string(),\n )?;\n\n provider.start(RetryConfig::default());\n Ok(())\n}", "section_id": "entraidcredentialsprovider-for-a-service-principal" }, { "id": "entraidcredentialsprovider-for-a-service-principal-ex1", "language": "rust", "code": "use redis::{\n ClientCertificate, EntraIdCredentialsProvider,\n RetryConfig, RedisResult\n};\nuse std::fs;\n\nfn example() -> RedisResult<()> {\n // Load certificate from file\n let certificate_base64 = fs::read_to_string(\n \"path/to/base64_pkcs12_certificate\"\n )\n .expect(\"Base64 PKCS12 certificate not found.\")\n .trim()\n .to_string();\n\n // Create the credentials provider using service principal with\n // client certificate\n let mut provider = EntraIdCredentialsProvider::new_client_certificate(\n \"your-tenant-id\".to_string(),\n \"your-client-id\".to_string(),\n ClientCertificate {\n base64_pkcs12: certificate_base64, // Base64 encoded PKCS12 data\n password: None,\n },\n )?;\n provider.start(RetryConfig::default());\n Ok(())\n}", "section_id": "entraidcredentialsprovider-for-a-service-principal" }, { "id": "entraidcredentialsprovider-for-a-managed-identity-ex0", "language": "rust", "code": "use redis::{EntraIdCredentialsProvider, RetryConfig, RedisResult};\n\nfn example() -> RedisResult<()> {\n // System-assigned managed identity\n let mut provider = EntraIdCredentialsProvider::new_system_assigned_managed_identity()?;\n provider.start(RetryConfig::default());\n\n // User-assigned managed identity\n let mut provider = EntraIdCredentialsProvider::new_user_assigned_managed_identity()?;\n provider.start(RetryConfig::default());\n Ok(())\n}", "section_id": "entraidcredentialsprovider-for-a-managed-identity" }, { "id": "entraidcredentialsprovider-for-a-managed-identity-ex1", "language": "rust", "code": "use redis::{EntraIdCredentialsProvider, RetryConfig, RedisResult};\nuse azure_identity::{ManagedIdentityCredentialOptions, UserAssignedId};\n\nfn example() -> RedisResult<()> {\n let mut provider = EntraIdCredentialsProvider::new_user_assigned_managed_identity_with_scopes(\n vec![\"your-scope\".to_string()],\n Some(ManagedIdentityCredentialOptions {\n // Specify the user-assigned identity using one of:\n user_assigned_id: Some(UserAssignedId::ClientId(\"your-client-id\".to_string())),\n // or: user_assigned_id: Some(UserAssignedId::ObjectId(\"your-object-id\".to_string())),\n // or: user_assigned_id: Some(UserAssignedId::ResourceId(\"your-resource-id\".to_string())),\n ..Default::default()\n }),\n )?;\n\n provider.start(RetryConfig::default());\n Ok(())\n}", "section_id": "entraidcredentialsprovider-for-a-managed-identity" }, { "id": "advanced-configuration-ex0", "language": "rust", "code": "use redis::{EntraIdCredentialsProvider, RetryConfig, RedisResult};\nuse std::time::Duration;\n\nfn example() -> RedisResult<()> {\n let mut provider = EntraIdCredentialsProvider::new_system_assigned_managed_identity()?;\n\n let retry_config = RetryConfig::default()\n .set_number_of_retries(3)\n .set_min_delay(Duration::from_millis(100))\n .set_max_delay(Duration::from_secs(30))\n .set_exponent_base(2.0);\n\n provider.start(retry_config);\n Ok(())\n}", "section_id": "advanced-configuration" }, { "id": "connect-ex0", "language": "rust", "code": "use redis::{\n Client, EntraIdCredentialsProvider,\n RetryConfig, AsyncConnectionConfig\n};\n\nasync fn example() -> redis::RedisResult<()> {\n // Create the credentials provider.\n let mut provider = EntraIdCredentialsProvider::new_system_assigned_managed_identity()?;\n provider.start(RetryConfig::default());\n\n // Create Redis client.\n let client = Client::open(\"redis://your-redis-instance.com:6380\")?;\n\n // Create a connection configuration with the credentials provider.\n let config = AsyncConnectionConfig::new().set_credentials_provider(provider);\n\n // Get a multiplexed connection with the configuration.\n let mut r = client.get_multiplexed_async_connection_with_config(&config).await?;\n \n // Use the connection.\n r.set(\"foo\", \"bar\").await?;\n\n let res: String = r.get(\"foo\").await?;\n println!(\"foo={res}\");\n\n Ok(())\n}", "section_id": "connect" } ] }