@@ -168,7 +168,10 @@ uvx --from redis-mcp-server@latest redis-mcp-server --help
168168
169169### Environment variables
170170
171- The full set of environment variables is shown in the table below:
171+ The full set of environment variables is shown in the table below. The
172+ ` REDIS_ENTRAID_XXX ` variables (used for EntraID authentication to
173+ Azure Managed Redis) are described in the
174+ [ EntraID authentication] ( #entraid-authentication ) section.
172175
173176| Name | Description | Default Value |
174177| ----------------------| -----------------------------| ---------------|
@@ -184,6 +187,14 @@ The full set of environment variables is shown in the table below:
184187| ` REDIS_CERT_REQS ` | Whether the client should verify the server's certificate | ` "required" ` |
185188| ` REDIS_CA_CERTS ` | Path to the trusted CA certificates file | None |
186189| ` REDIS_CLUSTER_MODE ` | Enable Redis Cluster mode | ` False ` |
190+ | ` REDIS_ENTRAID_AUTH_FLOW ` | Authentication flow type | None (EntraID disabled) |
191+ | ` REDIS_ENTRAID_CLIENT_ID ` | Service Principal client ID | None |
192+ | ` REDIS_ENTRAID_CLIENT_SECRET ` | Service Principal client secret | None |
193+ | ` REDIS_ENTRAID_TENANT_ID ` | Azure tenant ID | None |
194+ | ` REDIS_ENTRAID_IDENTITY_TYPE ` | Managed identity type | ` "system_assigned" ` |
195+ | ` REDIS_ENTRAID_USER_ASSIGNED_CLIENT_ID ` | User-assigned managed identity client ID | None |
196+ | ` REDIS_ENTRAID_SCOPES ` | OAuth scopes for Default Azure Credential | ` "https://redis.azure.com/.default" ` |
197+ | ` REDIS_ENTRAID_RESOURCE ` | Azure Redis resource identifier | ` "https://redis.azure.com/" ` |
187198
188199### Command line options
189200
@@ -205,6 +216,45 @@ The full set of command line options is shown in the table below:
205216| ` --ssl-ca-certs ` | Path to the trusted CA certificates file | |
206217| ` --cluster-mode ` | Enable Redis Cluster mode | ` False ` |
207218
219+ ### EntraID authentication
220+
221+ The Redis MCP Server supports EntraID (Azure Active Directory) authentication
222+ for Azure Managed Redis, enabling OAuth-based authentication with automatic token management. This uses redis-py's [ redis-entra-id] ({{< relref "/develop/clients/redis-py/amr" >}}) library to offer:
223+
224+ - ** Automatic token renewal** - Refreshes tokens in the background with no manual intervention
225+ - ** Graceful fallback** - Falls back to standard Redis authentication when EntraID is not configured
226+ - ** Multiple auth flows** - Supports Service Principal, Managed Identity, and Default Azure Credential
227+ - ** Enterprise capabilities** - Designed for Azure Managed Redis with centralized identity management
228+
229+ Use the ` REDIS_ENTRAID_XXX ` environment variables to configure EntraID authentication.
230+ Some common configurations are:
231+
232+ - ** Local development with Azure CLI** :
233+ ``` bash
234+ # Login with Azure CLI
235+ az login
236+
237+ # Configure MCP server
238+ export REDIS_ENTRAID_AUTH_FLOW=default_credential
239+ export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379
240+ ```
241+ - ** Production usage with Service Principal** :
242+
243+ ``` bash
244+ export REDIS_ENTRAID_AUTH_FLOW=service_principal
245+ export REDIS_ENTRAID_CLIENT_ID=your-app-client-id
246+ export REDIS_ENTRAID_CLIENT_SECRET=your-app-secret
247+ export REDIS_ENTRAID_TENANT_ID=your-tenant-id
248+ export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379
249+ ```
250+ - ** Azure-hosted application with Managed Identity** :
251+
252+ ``` bash
253+ export REDIS_ENTRAID_AUTH_FLOW=managed_identity
254+ export REDIS_ENTRAID_IDENTITY_TYPE=system_assigned
255+ export REDIS_URL=redis://your-azure-redis.redis.cache.windows.net:6379
256+ ```
257+
208258## Redis Cloud MCP
209259
210260A separate MCP server is available for
0 commit comments