{
  "id": "deploy",
  "title": "Deploy a pipeline",
  "url": "https://redis.io/docs/latest/integrate/redis-data-integration/data-pipelines/deploy/",
  "summary": "Learn how to deploy an RDI pipeline",
  "tags": [
    "docs",
    "integrate",
    "rs",
    "rdi"
  ],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "page_type": "content",
  "content_hash": "6c253126185ac21c334d7a06e39e14b0af24902b8781dad3446acac475a6632b",
  "sections": [
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "The sections below explain how to deploy a pipeline after you have created the required\n[configuration]()."
    },
    {
      "id": "set-secrets",
      "title": "Set secrets",
      "role": "content",
      "text": "Before you deploy your pipeline, you must set the authentication secrets for the\nsource and target databases. Each secret has a name that you can pass to the\n[`redis-di set-secret`]()\ncommand (VM deployment) or the `rdi-secret.sh` script (K8s deployment) to set the secret value. \nYou can then refer to these secrets in the `config.yaml` file using the syntax \"`${SECRET_NAME}`\"\n(the sample\n[config.yaml file]()\nshows these secrets in use).\n\nThe table below lists all valid secret names. Note that the\nusername and password are required for the source and target, but the other\nsecrets are only relevant for TLS/mTLS connections.\n\n| Secret name | Description |\n| :-- | :-- |\n| `SOURCE_DB_USERNAME` | Username for the source database |\n| `SOURCE_DB_PASSWORD` | Password for the source database |\n| `SOURCE_DB_CACERT` | (For TLS only) Source database CA certificate |\n| `SOURCE_DB_CERT` | (For mTLS only) Source database client certificate |\n| `SOURCE_DB_KEY` | (For mTLS only) Source database private key |\n| `SOURCE_DB_KEY_PASSWORD` | (For mTLS only) Source database private key password |\n| `TARGET_DB_USERNAME` | Username for the target database |\n| `TARGET_DB_PASSWORD` | Password for the target database |\n| `TARGET_DB_CACERT` | (For TLS only) Target database CA certificate |\n| `TARGET_DB_CERT` | (For mTLS only) Target database client certificate |\n| `TARGET_DB_KEY` | (For mTLS only) Target database private key |\n| `TARGET_DB_KEY_PASSWORD` | (For mTLS only) Target database private key password |"
    },
    {
      "id": "set-secrets-for-vm-deployment",
      "title": "Set secrets for VM deployment",
      "role": "content",
      "text": "Use [`redis-di set-secret`]()\nto set secrets for a VM deployment. \n\nThe specific command lines for source secrets are as follows:\n\n[code example]\n\nThe corresponding command lines for target secrets are:\n\n[code example]"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script",
      "title": "Set secrets for K8s/Helm deployment using the rdi-secret.sh script",
      "role": "content",
      "text": "Use the `rdi-secret.sh` script to set secrets for a K8s/Helm deployment. To use this script, unzip the archive that contains the RDI Helm chart and navigate to the resulting folder. The `rdi-secret.sh` script is located in the `scripts` subfolder. The general pattern for using this script is:\n\n[code example]\n\nThe script also lets you retrieve a specific secret or list all the secrets that have been set:\n\n[code example]\n\nThe specific command lines for source secrets are as follows:\n\n[code example]\n\nThe corresponding command lines for target secrets are:\n\n[code example]"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command",
      "title": "Set secrets for K8s/Helm deployment using Kubectl command",
      "role": "content",
      "text": "In some scenarios, you may prefer to use [`kubectl create secret generic`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic/)\nto set secrets for a K8s/Helm deployment. The general pattern of the commands is:\n\n[code example]\n\nWhere `<DB>` is either `source-db` for source secrets or `target-db` for target secrets.\n\nIf you use TLS or mTLS for either the source or target databases, you also need to create the `source-db-ssl` and/or `target-db-ssl` K8s secrets that contain the certificates used to establish secure connections. The general pattern of the commands is:\n\n[code example]\n\nThe specific command lines for source secrets are as follows:\n\n[code example]\n\nThe corresponding command lines for target secrets are:\n\n[code example]\n\nNote that the certificate paths contained in the secrets `SOURCE_DB_CACERT`, `SOURCE_DB_CERT`, and `SOURCE_DB_KEY` (for the source database) and `TARGET_DB_CACERT`, `TARGET_DB_CERT`, and `TARGET_DB_KEY` (for the target database) are internal to RDI, so you *must* use the values shown in the example above. You should only change the certificate paths when you create the `source-db-ssl` and `target-db-ssl` secrets."
    },
    {
      "id": "deploy-a-pipeline",
      "title": "Deploy a pipeline",
      "role": "content",
      "text": "When you have created your configuration, including the [jobs](), you are\nready to deploy. Use [Redis Insight]()\nto configure and deploy pipelines for both VM and K8s installations.\n\nFor VM installations, you can also use the\n[`redis-di deploy`]()\ncommand to deploy a pipeline:\n\n[code example]"
    }
  ],
  "examples": [
    {
      "id": "set-secrets-for-vm-deployment-ex0",
      "language": "bash",
      "code": "# For username and password\nredis-di set-secret SOURCE_DB_USERNAME yourUsername\nredis-di set-secret SOURCE_DB_PASSWORD yourPassword\n\n# With source TLS, in addition to the above\nredis-di set-secret SOURCE_DB_CACERT /path/to/myca.crt\n\n# With source mTLS, in addition to the above\nredis-di set-secret SOURCE_DB_CERT /path/to/myclient.crt\nredis-di set-secret SOURCE_DB_KEY /path/to/myclient.key\n# Use this only if SOURCE_DB_KEY is password-protected\nredis-di set-secret SOURCE_DB_KEY_PASSWORD yourKeyPassword",
      "section_id": "set-secrets-for-vm-deployment"
    },
    {
      "id": "set-secrets-for-vm-deployment-ex1",
      "language": "bash",
      "code": "# For username and password\nredis-di set-secret TARGET_DB_USERNAME yourUsername\nredis-di set-secret TARGET_DB_PASSWORD yourPassword\n\n# With target TLS, in addition to the above\nredis-di set-secret TARGET_DB_CACERT /path/to/myca.crt\n\n# With target mTLS, in addition to the above\nredis-di set-secret TARGET_DB_CERT /path/to/myclient.crt\nredis-di set-secret TARGET_DB_KEY /path/to/myclient.key\n# Use this only if TARGET_DB_KEY is password-protected\nredis-di set-secret TARGET_DB_KEY_PASSWORD yourKeyPassword",
      "section_id": "set-secrets-for-vm-deployment"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script-ex0",
      "language": "bash",
      "code": "scripts/rdi-secret.sh set <SECRET-NAME> <SECRET-VALUE>",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script-ex1",
      "language": "bash",
      "code": "# Get specific secret\nscripts/rdi-secret.sh get <SECRET-NAME>\n\n# List all secrets\nscripts/rdi-secret.sh list",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script-ex2",
      "language": "bash",
      "code": "# For username and password\nscripts/rdi-secret.sh set SOURCE_DB_USERNAME yourUsername\nscripts/rdi-secret.sh set SOURCE_DB_PASSWORD yourPassword\n\n# With source TLS, in addition to the above\nscripts/rdi-secret.sh set SOURCE_DB_CACERT /path/to/myca.crt\n\n# With source mTLS, in addition to the above\nscripts/rdi-secret.sh set SOURCE_DB_CERT /path/to/myclient.crt\nscripts/rdi-secret.sh set SOURCE_DB_KEY /path/to/myclient.key\n# Use this only if SOURCE_DB_KEY is password-protected\nscripts/rdi-secret.sh set SOURCE_DB_KEY_PASSWORD yourKeyPassword",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script-ex3",
      "language": "bash",
      "code": "# For username and password\nscripts/rdi-secret.sh set TARGET_DB_USERNAME yourUsername\nscripts/rdi-secret.sh set TARGET_DB_PASSWORD yourPassword\n\n# With target TLS, in addition to the above\nscripts/rdi-secret.sh set TARGET_DB_CACERT /path/to/myca.crt\n\n# With target mTLS, in addition to the above\nscripts/rdi-secret.sh set TARGET_DB_CERT /path/to/myclient.crt\nscripts/rdi-secret.sh set TARGET_DB_KEY /path/to/myclient.key\n# Use this only if TARGET_DB_KEY is password-protected\nscripts/rdi-secret.sh set TARGET_DB_KEY_PASSWORD yourKeyPassword",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-the-rdi-secret-sh-script"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command-ex0",
      "language": "bash",
      "code": "kubectl create secret generic <DB> \\\n--namespace=rdi \\\n--from-literal=<SECRET-NAME>=<SECRET-VALUE>",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command-ex1",
      "language": "bash",
      "code": "kubectl create secret generic <DB>-ssl \\\n--namespace=rdi \\\n--from-file=<FILE-NAME>=<FILE-PATH>",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command-ex2",
      "language": "bash",
      "code": "# Without source TLS\n# Create or update source-db secret\nkubectl create secret generic source-db --namespace=rdi \\\n--from-literal=SOURCE_DB_USERNAME=yourUsername \\\n--from-literal=SOURCE_DB_PASSWORD=yourPassword \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n\n# With source TLS\n# Create of update source-db secret\nkubectl create secret generic source-db --namespace=rdi \\\n--from-literal=SOURCE_DB_USERNAME=yourUsername \\\n--from-literal=SOURCE_DB_PASSWORD=yourPassword \\\n--from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n# Create or update source-db-ssl secret\nkubectl create secret generic source-db-ssl --namespace=rdi \\\n--from-file=ca.crt=/path/to/myca.crt \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n\n# With source mTLS\n# Create or update source-db secret\nkubectl create secret generic source-db --namespace=rdi \\\n--from-literal=SOURCE_DB_USERNAME=yourUsername \\\n--from-literal=SOURCE_DB_PASSWORD=yourPassword \\\n--from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt \\\n--from-literal=SOURCE_DB_CERT=/etc/certificates/source_db/client.crt \\\n--from-literal=SOURCE_DB_KEY=/etc/certificates/source_db/client.key \\\n--from-literal=SOURCE_DB_KEY_PASSWORD=yourKeyPassword \\ # add this only if SOURCE_DB_KEY is password-protected\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n# Create or update source-db-ssl secret\nkubectl create secret generic source-db-ssl --namespace=rdi \\\n--from-file=ca.crt=/path/to/myca.crt \\\n--from-file=client.crt=/path/to/myclient.crt \\\n--from-file=client.key=/path/to/myclient.key \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command"
    },
    {
      "id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command-ex3",
      "language": "bash",
      "code": "# Without target TLS\n# Create or update target-db secret\nkubectl create secret generic target-db --namespace=rdi \\\n--from-literal=TARGET_DB_USERNAME=yourUsername \\\n--from-literal=TARGET_DB_PASSWORD=yourPassword \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n\n# With target TLS\n# Create of update target-db secret\nkubectl create secret generic target-db --namespace=rdi \\\n--from-literal=TARGET_DB_USERNAME=yourUsername \\\n--from-literal=TARGET_DB_PASSWORD=yourPassword \\\n--from-literal=TARGET_DB_CACERT=/etc/certificates/target_db/ca.crt \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n# Create or update target-db-ssl secret\nkubectl create secret generic target-db-ssl --namespace=rdi \\\n--from-file=ca.crt=/path/to/myca.crt \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n\n# With target mTLS\n# Create or update target-db secret\nkubectl create secret generic target-db --namespace=rdi \\\n--from-literal=TARGET_DB_USERNAME=yourUsername \\\n--from-literal=TARGET_DB_PASSWORD=yourPassword \\\n--from-literal=TARGET_DB_CACERT=/etc/certificates/target_db/ca.crt \\\n--from-literal=TARGET_DB_CERT=/etc/certificates/target_db/client.crt \\\n--from-literal=TARGET_DB_KEY=/etc/certificates/target_db/client.key \\\n--from-literal=TARGET_DB_KEY_PASSWORD=yourKeyPassword \\ # add this only if TARGET_DB_KEY is password-protected\n--save-config --dry-run=client -o yaml | kubectl apply -f -\n# Create or update target-db-ssl secret\nkubectl create secret generic target-db-ssl --namespace=rdi \\\n--from-file=ca.crt=/path/to/myca.crt \\\n--from-file=client.crt=/path/to/myclient.crt \\\n--from-file=client.key=/path/to/myclient.key \\\n--save-config --dry-run=client -o yaml | kubectl apply -f -",
      "section_id": "set-secrets-for-k8s-helm-deployment-using-kubectl-command"
    },
    {
      "id": "deploy-a-pipeline-ex0",
      "language": "bash",
      "code": "redis-di deploy --dir <path to pipeline folder>",
      "section_id": "deploy-a-pipeline"
    }
  ]
}