Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
redis-entraid
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.1.0
- Maintainers
- 3
Note: redis-py-entraid 1.0.0 is the last version of redis-py that supports Python 3.9, as it has reached end of life. redis-py-entraid 1.1.0 supports Python 3.9+.
The redis-entraid Python package helps simplifying the authentication with Azure Managed Redis and Azure Cache for Redis using Microsoft Entra ID (formerly Azure Active Directory). It enables seamless integration with Azure's Redis services by fetching authentication tokens and managing the token renewal in the background. This package builds on top of redis-py and provides a structured way to authenticate by using a:
- System-assigned managed identity
- User-assigned managed identity
- Service principal
You can learn more about managed identities in the Microsoft Entra ID documentation.
Preparation
Create a service principal in Azure
In this quick start guide, you will register an application and create a service principal in Azure. Then the following credentials are used to authenticate via Entra ID:
- Tenant id
- Client id
- Client secret
Create cache and grant access
Create a Redis cache in Azure and grant your service principal access:
- Create a cache resource and wait until it was created successfully
- Navigate to
Settings/Authentication - If needed, enable Entra ID authentication
- Assign your previously created service principal to the cache
Further details are available in the AMR or ACR documentation.
Install the Entra ID package
You need to install the redis-py Entra ID package via the following command:
pip install redis-entraid
The package depends on redis-py.
Usage
Step 1 - Import the dependencies
After having installed the package, you can import its modules:
from redis import Redis
from redis_entraid.cred_provider import *
Step 2 - Create the credential provider via the factory method
Following factory methods are offered depends on authentication type you need:
create_from_managed_identity - Creates a credential provider based on a managed identity.
Managed identities allow Azure services to authenticate without needing explicit credentials, as they are automatically assigned by Azure.
create_from_service_principal - Creates a credential provider using a service principal.
A service principal is typically used when you want to authenticate as an application, rather than as a user, with Azure Active Directory.
create_from_default_azure_credential - Creates a credential provider from a Default Azure Credential.
This method allows automatic selection of the appropriate credential mechanism based on the environment
(e.g., environment variables, managed identities, service principal, interactive browser etc.).
Examples
Managed Identity
credential_provider = create_from_managed_identity(
identity_type=ManagedIdentityType.SYSTEM_ASSIGNED,
resource="https://redis.azure.com/"
)
Service principal
credential_provider = create_from_service_principal(
CLIENT_ID,
CLIENT_SECRET,
TENANT_ID
)
Default Azure Credential
credential_provider = create_from_default_azure_credential(
("https://redis.azure.com/.default",),
)
More examples available in examples folder.
Step 3 - Provide optional token renewal configuration
The default configuration would be applied, but you're able to customise it.
credential_provider = create_from_service_principal(
CLIENT_ID,
CLIENT_SECRET,
TENANT_ID,
token_manager_config=TokenManagerConfig(
expiration_refresh_ratio=0.9,
lower_refresh_bound_millis=DEFAULT_LOWER_REFRESH_BOUND_MILLIS,
token_request_execution_timeout_in_ms=DEFAULT_TOKEN_REQUEST_EXECUTION_TIMEOUT_IN_MS,
retry_policy=RetryPolicy(
max_attempts=5,
delay_in_ms=50
)
)
)
You can test the credentials provider by obtaining a token. The following example demonstrates both, a synchronous and an asynchronous approach:
# Synchronous
credential_provider.get_credentials()
# Asynchronous
await credential_provider.get_credentials_async()
Step 4 - Connect to Redis
When using Entra ID, Azure enforces TLS on your Redis connection. Here is an example that shows how to test the connection in an insecure way:
client = Redis(host=HOST, port=PORT, ssl=True, ssl_cert_reqs=None, credential_provider=credential_provider)
print("The database size is: {}".format(client.dbsize()))
FAQs
Entra ID credentials provider implementation for Redis-py client
We found that redis-entraid demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025