Quickstart: Use Azure Redis in Node.js

In this quickstart, you incorporate Azure Managed Redis (preview) or Azure Cache for Redis into a Node.js app. The app has access to a secure, dedicated cache that is accessible from any application within Azure.

Prerequisites

Create an Azure Managed Redis (preview) instance

  1. To create an Azure Managed Redis (preview) instance, sign in to the Azure portal and select Create a resource.

  2. On the New page, in the search box type Azure Cache for Redis.

  3. On the New Redis Cache page, configure the settings for your new cache.

    Setting Choose a value Description
    Subscription Drop down and select your subscription. The subscription under which to create this new Azure Managed Redis instance.
    Resource group Drop down and select a resource group, or select Create new and enter a new resource group name. Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    DNS name Enter a name that is unique in the region. The cache name must be a string between 1 and 63 characters when combined with the cache's region name that contain only numbers, letters, or hyphens. (If the cache name is fewer than 45 characters long it should work in all currently available regions.) The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's host name is \<DNS name\>.\<Azure region\>.redis.azure.net.
    Location Drop down and select a location. Azure Managed Redis is available in selected Azure regions.
    Cache type Drop down and select the performance tier and cache size. The tier determines the performance of the Redis instance, while the cache size determines the memory available to store data. For guidance on choosing the right performance tier, see Choosing the right tier

    Screenshot showing the Azure Managed Redis Basics tab.

  4. Select Next: Networking and select either a public or private endpoint.

  5. Select Next: Advanced.

    Configure any Redis modules you wan to add to the instance.

    By default, for a new managed cache:

    • Microsoft Entra ID is enabled.
    • Access Keys Authentication is disabled for security reasons.

    Important

    For optimal security, we recommend that you use Microsoft Entra ID with managed identities to authorize requests against your cache if possible. Authorization by using Microsoft Entra ID and managed identities provides superior security and ease of use over shared access key authorization. For more information about using managed identities with your cache, see Use Microsoft Entra ID for cache authentication.

    Set Clustering policy to Enterprise for a nonclustered cache, or to OSS for a clustered cache. For more information on choosing Clustering policy, see Cluster policy.

    Screenshot that shows the Azure Managed Redis Advanced tab.

    If you're using Active geo-replication, it must be configured during creation. For more information, see Configure active geo-replication for Azure Managed Redis instances.

    Important

    You can't change the clustering policy of an Azure Managed Redis (preview) instance after you create it. If you're using RediSearch, the Enterprise cluster policy is required, and NoEviction is the only eviction policy supported.

    Important

    If you're using this cache instance in a geo-replication group, eviction policies cannot be changed after the instance is created. Be sure to know the eviction policies of your primary nodes before you create the cache. For more information on active geo-replication, see Active geo-replication prerequisites.

    Important

    You can't change modules after you create a cache instance. Modules must be enabled at the time you create an Azure Cache for Redis instance. There is no option to enable the configuration of a module after you create a cache.

  6. Select Next: Tags and skip.

  7. Select Next: Review + create.

  8. Review the settings and select Create.

    It takes several minutes for the Redis instance to create. You can monitor progress on the Azure Managed Redis Overview page. When Status shows as Running, the cache is ready to use.

Create an Azure Cache for Redis instance

  1. To create a cache, sign in to the Azure portal. On the portal menu, select Create a resource.

    Sceenshot that shows the Create a resource option highlighted on the left navigation pane in the Azure portal.

  2. On the Get Started pane, enter Azure Cache for Redis in the search bar. In the search results, find Azure Cache for Redis, and then select Create.

    Screenshot that shows Azure Marketplace with Azure Cache for Redis in the search box, and the Create button is highlighted.

  3. On the New Redis Cache pane, on the Basics tab, configure the following settings for your cache:

    Setting Action Description
    Subscription Select your Azure subscription. The subscription to use to create the new instance of Azure Cache for Redis.
    Resource group Select a resource group, or select Create new and enter a new resource group name. A name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    DNS name Enter a unique name. The cache name must be a string of 1 to 63 characters that contains only numbers, letters, and hyphens. The name must start and end with a number or letter, and it can't contain consecutive hyphens. Your cache instance's host name is \<DNS name>.redis.cache.windows.net.
    Location Select a location. An Azure region that is near other services that use your cache.
    Cache SKU Select a SKU. The SKU determines the size, performance, and feature parameters that are available for the cache. For more information, see Azure Cache for Redis overview.
    Cache size Select a cache size. For more information, see Azure Cache for Redis overview.
  4. Select the Networking tab or select Next: Networking.

  5. On the Networking tab, select a connectivity method to use for the cache.

  6. Select the Advanced tab or select Next: Advanced.

  7. On the Advanced pane, verify or select an authentication method based on the following information:

    Screenshot showing the Advanced pane and the available options to select.

    • By default, for a new Basic, Standard, or Premium cache, Microsoft Entra Authentication is enabled and Access Keys Authentication is disabled.
    • For Basic or Standard caches, you can choose the selection for a non-TLS port.
    • For Standard and Premium caches, you can choose to enable availability zones. You can't disable availability zones after the cache is created.
    • For a Premium cache, configure the settings for non-TLS port, clustering, managed identity, and data persistence.

    Important

    For optimal security, we recommend that you use Microsoft Entra ID with managed identities to authorize requests against your cache if possible. Authorization by using Microsoft Entra ID and managed identities provides superior security and ease of use over shared access key authorization. For more information about using managed identities with your cache, see Use Microsoft Entra ID for cache authentication.

  8. (Optional) Select the Tags tab or select Next: Tags.

  9. (Optional) On the Tags tab, enter a tag name and value if you want to categorize your cache resource.

  10. Select the Review + create button.

    On the Review + create tab, Azure automatically validates your configuration.

  11. After the green Validation passed message appears, select Create.

A new cache deployment occurs over several minutes. You can monitor the progress of the deployment on the Azure Cache for Redis Overview pane. When Status displays Running, the cache is ready to use.

Install the node-redis client library

The node-redis library is the primary Node.js client for Redis. You can install the client with npm by using the following command:

npm install redis

Create a Node.js app to access a cache

Create a Node.js app that uses either Microsoft Entra ID or access keys to connect to an Azure Managed Redis (preview) instance. We recommend you use Microsoft Entra ID.

Use Microsoft Entra ID authentication on your cache

Azure Redis caches, except for Enterprise and Enterprise Flash tiers, have Microsoft Entra Authentication enabled by default. Access keys are disabled by default.

Important

Microsoft recommends using Microsoft Entra ID authentication for the most secure authentication experience instead of using passwords or access keys. The authentication described in this section of the article uses access keys, which require a very high degree of trust in the application and carries risks not present when using Microsoft Entra ID. Use the approach in this document only when Microsoft Entra ID authentication is not viable.

  1. In the Azure portal, select the cache where you'd like to use Microsoft Entra token-based authentication.

  2. Select Authentication from the Resource menu.

  3. Select Select member and enter the name of a valid user. The user you enter is automatically assigned Data Owner Access Policy by default when you select Save. You can also enter a managed identity or service principal to connect to your cache instance.

    Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.

For information on using Microsoft Entra ID with Azure CLI, see the reference pages for identity.

Install the JavaScript Azure Identity client library

The Microsoft Authentication Library (MSAL) allows you to acquire security tokens from Microsoft identity to authenticate users. There's a JavaScript Azure identity client library available that uses MSAL to provide token authentication support. Install this library using npm:

npm install @azure/identity

Create a new Node.js app using Microsoft Entra ID

  1. Add environment variables for your Host name and Service Principal ID, which is the object ID of your Microsoft Entra ID service principal or user. In the Azure portal, look for the Username.

    set AZURE_MANAGED_REDIS_HOST_NAME=contosoCache
    set REDIS_SERVICE_PRINCIPAL_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    
  2. Create a new script file named redistest.js.

  3. Add the following example JavaScript to the file. This code shows you how to connect to an Azure Managed Redis instance using the cache host name and key environment variables. The code also stores and retrieves a string value in the cache. The PING and CLIENT LIST commands are also executed. For more examples of using Redis with the node-redis client, see https://redis.js.org/.

    const { createClient } = require("redis");
    const { DefaultAzureCredential } = require("@azure/identity");
    
    async function main() {
      // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
      const credential = new DefaultAzureCredential();
      const redisScope = "https://redis.azure.com/.default";
    
      // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
      let accessToken = await credential.getToken(redisScope);
      console.log("access Token", accessToken);
    
      // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
      const cacheConnection = createClient({
        username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
        password: accessToken.token,
        url: `redis://${process.env.AZURE_MANAGED_REDIS_HOST_NAME}:10000`,
        pingInterval: 100000,
        socket: { 
          tls: true,
          keepAlive: 0 
        },
      });
    
      cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
      await cacheConnection.connect();
    
      // PING command
      console.log("\nCache command: PING");
      console.log("Cache response : " + await cacheConnection.ping());
    
      // SET
      console.log("\nCache command: SET Message");
      console.log("Cache response : " + await cacheConnection.set("Message",
          "Hello! The cache is working from Node.js!"));
    
      // GET
      console.log("\nCache command: GET Message");
      console.log("Cache response : " + await cacheConnection.get("Message"));
    
      // Client list, useful to see if connection list is growing...
      console.log("\nCache command: CLIENT LIST");
      console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
    
      cacheConnection.disconnect();
    
      return "Done"
    }
    
    main().then((result) => console.log(result)).catch(ex => console.log(ex));
    
  4. Run the script with Node.js.

    node redistest.js
    
  5. The output of your code looks like this.

    Cache command: PING
    Cache response : PONG
    
    Cache command: GET Message
    Cache response : Hello! The cache is working from Node.js!
    
    Cache command: SET Message
    Cache response : OK
    
    Cache command: GET Message
    Cache response : Hello! The cache is working from Node.js!
    
    Cache command: CLIENT LIST
    Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
    
    Done
    

Create a sample JavaScript app with reauthentication

Microsoft Entra ID access tokens have a limited lifespan, averaging 75 minutes. In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using JavaScript.

  1. Create a new script file named redistestreauth.js.

  2. Add the following example JavaScript to the file.

     const { createClient } = require("redis");
     const { DefaultAzureCredential } = require("@azure/identity");
    
     async function returnPassword(credential) {
         const redisScope = "https://redis.azure.com/.default";
    
         // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
         return credential.getToken(redisScope);
     }
    
     async function main() {
       // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
       const credential = new DefaultAzureCredential();
       let accessToken = await returnPassword(credential);
    
       // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
       let cacheConnection = createClient({
         username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
         password: accessToken.token,
         url: `redis://${process.env.AZURE_MANAGED_REDIS_HOST_NAME}:10000`,
         pingInterval: 100000,
         socket: { 
           tls: true,
           keepAlive: 0 
         },
       });
    
       cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
       await cacheConnection.connect();
    
       for (let i = 0; i < 3; i++) {
         try {
             // PING command
             console.log("\nCache command: PING");
             console.log("Cache response : " + await cacheConnection.ping());
    
             // SET
             console.log("\nCache command: SET Message");
             console.log("Cache response : " + await cacheConnection.set("Message",
                 "Hello! The cache is working from Node.js!"));
    
             // GET
             console.log("\nCache command: GET Message");
             console.log("Cache response : " + await cacheConnection.get("Message"));
    
             // Client list, useful to see if connection list is growing...
             console.log("\nCache command: CLIENT LIST");
             console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
           break;
         } catch (e) {
           console.log("error during redis get", e.toString());
           if ((accessToken.expiresOnTimestamp <= Date.now())|| (redis.status === "end" || "close") ) {
             await redis.disconnect();
             accessToken = await returnPassword(credential);
             cacheConnection = createClient({
               username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
               password: accessToken.token,
               url: `redis://${process.env.AZURE_MANAGED_REDIS_HOST_NAME}:10000`,
               pingInterval: 100000,
               socket: {
                 tls: true,
                 keepAlive: 0
               },
             });
           }
         }
       }
     }
    
     main().then((result) => console.log(result)).catch(ex => console.log(ex));
    
  3. Run the script with Node.js.

    node redistestreauth.js
    
  4. The output of your code looks like this.

     Cache command: PING
     Cache response : PONG
    
     Cache command: GET Message
     Cache response : Hello! The cache is working from Node.js!
    
     Cache command: SET Message
     Cache response : OK
    
     Cache command: GET Message
     Cache response : Hello! The cache is working from Node.js!
    
     Cache command: CLIENT LIST
     Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
    
    

Note

For additional examples of using Microsoft Entra ID to authenticate to Redis using the node-redis library, please see this GitHub repo

Create a Node.js app to access a cache

Create a Node.js app that uses either Microsoft Entra ID or access keys to connect to an Azure Cache for Redis. We recommend you use Microsoft Entra ID.

Use Microsoft Entra ID authentication on your cache

Azure Redis caches, except for Enterprise and Enterprise Flash tiers, have Microsoft Entra Authentication enabled by default. Access keys are disabled by default.

Important

Microsoft recommends using Microsoft Entra ID authentication for the most secure authentication experience instead of using passwords or access keys. The authentication described in this section of the article uses access keys, which require a very high degree of trust in the application and carries risks not present when using Microsoft Entra ID. Use the approach in this document only when Microsoft Entra ID authentication is not viable.

  1. In the Azure portal, select the cache where you'd like to use Microsoft Entra token-based authentication.

  2. Select Authentication from the Resource menu.

  3. Select Select member and enter the name of a valid user. The user you enter is automatically assigned Data Owner Access Policy by default when you select Save. You can also enter a managed identity or service principal to connect to your cache instance.

    Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.

For information on using Microsoft Entra ID with Azure CLI, see the reference pages for identity.

Install the JavaScript Azure Identity client library

The Microsoft Authentication Library (MSAL) allows you to acquire security tokens from Microsoft identity to authenticate users. There's a JavaScript Azure identity client library available that uses MSAL to provide token authentication support. Install this library using npm:

npm install @azure/identity

Create a new Node.js app using Microsoft Entra ID

  1. Add environment variables for your Host name and Service Principal ID, which is the object ID of your Microsoft Entra ID service principal or user. In the Azure portal, look for the Username.

    set AZURE_CACHE_FOR_REDIS_HOST_NAME=contosoCache
    set REDIS_SERVICE_PRINCIPAL_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    
  2. Create a new script file named redistest.js.

  3. Add the following example JavaScript to the file. This code shows you how to connect to an Azure Cache for Redis instance using the cache host name and key environment variables. The code also stores and retrieves a string value in the cache. The PING and CLIENT LIST commands are also executed. For more examples of using Redis with the node-redis client, see https://redis.js.org/.

    const { createClient } = require("redis");
    const { DefaultAzureCredential } = require("@azure/identity");
    
    async function main() {
      // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
      const credential = new DefaultAzureCredential();
      const redisScope = "https://redis.azure.com/.default";
    
      // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
      let accessToken = await credential.getToken(redisScope);
      console.log("access Token", accessToken);
    
      // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
      const cacheConnection = createClient({
        username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
        password: accessToken.token,
        url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
        pingInterval: 100000,
        socket: { 
          tls: true,
          keepAlive: 0 
        },
      });
    
      cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
      await cacheConnection.connect();
    
      // PING command
      console.log("\nCache command: PING");
      console.log("Cache response : " + await cacheConnection.ping());
    
      // SET
      console.log("\nCache command: SET Message");
      console.log("Cache response : " + await cacheConnection.set("Message",
          "Hello! The cache is working from Node.js!"));
    
      // GET
      console.log("\nCache command: GET Message");
      console.log("Cache response : " + await cacheConnection.get("Message"));
    
      // Client list, useful to see if connection list is growing...
      console.log("\nCache command: CLIENT LIST");
      console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
    
      cacheConnection.disconnect();
    
      return "Done"
    }
    
    main().then((result) => console.log(result)).catch(ex => console.log(ex));
    
  4. Run the script with Node.js.

    node redistest.js
    
  5. The output of your code looks like this.

    Cache command: PING
    Cache response : PONG
    
    Cache command: GET Message
    Cache response : Hello! The cache is working from Node.js!
    
    Cache command: SET Message
    Cache response : OK
    
    Cache command: GET Message
    Cache response : Hello! The cache is working from Node.js!
    
    Cache command: CLIENT LIST
    Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
    
    Done
    

Create a sample JavaScript app with reauthentication

Microsoft Entra ID access tokens have a limited lifespan, averaging 75 minutes. In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using JavaScript.

  1. Create a new script file named redistestreauth.js.

  2. Add the following example JavaScript to the file.

     const { createClient } = require("redis");
     const { DefaultAzureCredential } = require("@azure/identity");
    
     async function returnPassword(credential) {
         const redisScope = "https://redis.azure.com/.default";
    
         // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
         return credential.getToken(redisScope);
     }
    
     async function main() {
       // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
       const credential = new DefaultAzureCredential();
       let accessToken = await returnPassword(credential);
    
       // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
       let cacheConnection = createClient({
         username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
         password: accessToken.token,
         url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
         pingInterval: 100000,
         socket: { 
           tls: true,
           keepAlive: 0 
         },
       });
    
       cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
       await cacheConnection.connect();
    
       for (let i = 0; i < 3; i++) {
         try {
             // PING command
             console.log("\nCache command: PING");
             console.log("Cache response : " + await cacheConnection.ping());
    
             // SET
             console.log("\nCache command: SET Message");
             console.log("Cache response : " + await cacheConnection.set("Message",
                 "Hello! The cache is working from Node.js!"));
    
             // GET
             console.log("\nCache command: GET Message");
             console.log("Cache response : " + await cacheConnection.get("Message"));
    
             // Client list, useful to see if connection list is growing...
             console.log("\nCache command: CLIENT LIST");
             console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
           break;
         } catch (e) {
           console.log("error during redis get", e.toString());
           if ((accessToken.expiresOnTimestamp <= Date.now())|| (redis.status === "end" || "close") ) {
             await redis.disconnect();
             accessToken = await returnPassword(credential);
             cacheConnection = createClient({
               username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
               password: accessToken.token,
               url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
               pingInterval: 100000,
               socket: {
                 tls: true,
                 keepAlive: 0
               },
             });
           }
         }
       }
     }
    
     main().then((result) => console.log(result)).catch(ex => console.log(ex));
    
  3. Run the script with Node.js.

    node redistestreauth.js
    
  4. The output of your code looks like this.

     Cache command: PING
     Cache response : PONG
    
     Cache command: GET Message
     Cache response : Hello! The cache is working from Node.js!
    
     Cache command: SET Message
     Cache response : OK
    
     Cache command: GET Message
     Cache response : Hello! The cache is working from Node.js!
    
     Cache command: CLIENT LIST
     Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
    
    

Note

For additional examples of using Microsoft Entra ID to authenticate to Redis using the node-redis library, please see this GitHub repo

Clean up resources

If you want to continue to use the resources you created in this article, keep the resource group.

Otherwise, if you're finished with the resources, you can delete the Azure resource group that you created to avoid charges.

Important

Deleting a resource group is irreversible. When you delete a resource group, all the resources in it are permanently deleted. Make sure that you do not accidentally delete the wrong resource group or resources. If you created the resources inside an existing resource group that contains resources you want to keep, you can delete each resource individually instead of deleting the resource group.

To delete a resource group

  1. Sign in to the Azure portal, and then select Resource groups.

  2. Select the resource group you want to delete.

    If there are many resource groups, use the Filter for any field... box, type the name of your resource group you created for this article. Select the resource group in the results list.

    Screenshot showing a list of resource groups to delete in the working pane.

  3. Select Delete resource group.

  4. You're asked to confirm the deletion of the resource group. Type the name of your resource group to confirm, and then select Delete.

    Screenshot showing a form that requires the resource name to confirm deletion.

After a few moments, the resource group and all of its resources are deleted.

Get the sample code

Get the Node.js quickstart on GitHub.

In this quickstart, you learned how to use either Azure Managed Redis (preview) or Azure Cache for Redis from a Node.js application. Learn more about the Azure Redis offerings: