From 67fd57ebc1a8398266cbdc0f6a2fcb63ea5323d2 Mon Sep 17 00:00:00 2001 From: Andy Stark Date: Thu, 6 Nov 2025 13:03:08 +0000 Subject: [PATCH] DOC-5929 added AMR/EntraID details and config --- content/integrate/redis-mcp/install.md | 52 +++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/content/integrate/redis-mcp/install.md b/content/integrate/redis-mcp/install.md index d4220c2f63..35826c6b7a 100644 --- a/content/integrate/redis-mcp/install.md +++ b/content/integrate/redis-mcp/install.md @@ -168,7 +168,10 @@ uvx --from redis-mcp-server@latest redis-mcp-server --help ### Environment variables -The full set of environment variables is shown in the table below: +The full set of environment variables is shown in the table below. The +`REDIS_ENTRAID_XXX` variables (used for EntraID authentication to +Azure Managed Redis) are described in the +[EntraID authentication](#entraid-authentication) section. | Name | Description | Default Value | |----------------------|-----------------------------|---------------| 
@@ -184,6 +187,14 @@ The full set of environment variables is shown in the table below: | `REDIS_CERT_REQS` | Whether the client should verify the server's certificate | `"required"` | | `REDIS_CA_CERTS` | Path to the trusted CA certificates file | None | | `REDIS_CLUSTER_MODE` | Enable Redis Cluster mode | `False` | +| `REDIS_ENTRAID_AUTH_FLOW` | Authentication flow type | None (EntraID disabled) | +| `REDIS_ENTRAID_CLIENT_ID` | Service Principal client ID | None | +| `REDIS_ENTRAID_CLIENT_SECRET` | Service Principal client secret | None | +| `REDIS_ENTRAID_TENANT_ID` | Azure tenant ID | None | +| `REDIS_ENTRAID_IDENTITY_TYPE` | Managed identity type | `"system_assigned"` | +| `REDIS_ENTRAID_USER_ASSIGNED_CLIENT_ID` | User-assigned managed identity client ID | None | +| `REDIS_ENTRAID_SCOPES` | OAuth scopes for Default Azure Credential | `"https://redis.azure.com/.default"` | +| `REDIS_ENTRAID_RESOURCE` | Azure Redis resource identifier | `"https://redis.azure.com/"` | ### Command line options 
@@ -205,6 +216,45 @@ The full set of command line options is shown in the table below: | `--ssl-ca-certs` | Path to the trusted CA certificates file | | | `--cluster-mode` | Enable Redis Cluster mode | `False` | +### EntraID authentication + +The Redis MCP Server supports EntraID (Azure Active Directory) authentication +for Azure Managed Redis, enabling OAuth-based authentication with automatic token management. This uses redis-py's [redis-entra-id]({{< relref "/develop/clients/redis-py/amr" >}}) library to offer: + +- **Automatic token renewal** - Refreshes tokens in the background with no manual intervention +- **Graceful fallback** - Falls back to standard Redis authentication when EntraID is not configured +- **Multiple auth flows** - Supports Service Principal, Managed Identity, and Default Azure Credential +- **Enterprise capabilities** - Designed for Azure Managed Redis with centralized identity management + +Use the `REDIS_ENTRAID_XXX` environment variables to configure EntraID authentication. +Some common configurations are: + +- **Local development with Azure CLI**: + ```bash + # Login with Azure CLI + az login + + # Configure MCP server + export REDIS_ENTRAID_AUTH_FLOW=default_credential + export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379 + ``` +- **Production usage with Service Principal**: + + ```bash + export REDIS_ENTRAID_AUTH_FLOW=service_principal + export REDIS_ENTRAID_CLIENT_ID=your-app-client-id + export REDIS_ENTRAID_CLIENT_SECRET=your-app-secret + export REDIS_ENTRAID_TENANT_ID=your-tenant-id + export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379 + ``` +- **Azure-hosted application with Managed Identity**: + + ```bash + export REDIS_ENTRAID_AUTH_FLOW=managed_identity + export REDIS_ENTRAID_IDENTITY_TYPE=system_assigned + export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379 + ``` + ## Redis Cloud MCP A separate MCP server is available for
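
Review bot: the sentence added to the "Environment variables" intro (hunk at line 168) says the `REDIS_ENTRAID_XXX` variables are described in the EntraID authentication section, but that section only uses five of them in its examples. `REDIS_ENTRAID_USER_ASSIGNED_CLIENT_ID`, `REDIS_ENTRAID_SCOPES` and `REDIS_ENTRAID_RESOURCE` never appear there. Either add a short description of those three to the new section or reword the sentence so that it promises examples rather than descriptions. As a style point, `REDIS_ENTRAID_XXX` can be read as a literal variable name; `REDIS_ENTRAID_*` is the usual way to write a prefix.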
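
Review bot: in the table rows added by the hunk at line 184, `REDIS_ENTRAID_AUTH_FLOW` is described only as "Authentication flow type", with no accepted values. The examples later in the patch use `service_principal`, `managed_identity` and `default_credential`, so those should be listed in the Description cell. The same applies to `REDIS_ENTRAID_IDENTITY_TYPE`, which shows the default `"system_assigned"` but not the alternative. It would also help to say which flow each row belongs to, for example that `REDIS_ENTRAID_CLIENT_SECRET` and `REDIS_ENTRAID_TENANT_ID` are needed for the Service Principal flow, since a reader setting one flow cannot tell from the table which variables can be left unset.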
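
Review bot: all three examples in the new "EntraID authentication" section (hunk at line 205) set `REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379`, which uses the non-TLS `redis://` scheme, so the EntraID token used as the Redis credential would be sent over an unencrypted connection. The examples should show a TLS connection, either with a `rediss://` URL if `REDIS_URL` accepts one or with the SSL settings already in the tables above (`REDIS_CERT_REQS`, `REDIS_CA_CERTS`), and use the matching port. The Service Principal example also puts `REDIS_ENTRAID_CLIENT_SECRET` in a plain `export` line under the "Production usage" label; a sentence pointing to a secret store or to the deployment platform's secret injection would be appropriate there. A minor formatting point: the first bullet's code fence has no blank line before it, unlike the other two.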