TenantsDB - Redis

Redis

In-memory data store for caching, sessions, queues, and real-time data. Sub-millisecond reads and writes.

Through TenantsDB, each tenant gets isolated key-value storage on a shared Redis instance. The proxy automatically prefixes every key with the tenant's namespace, so tenants never see each other's data. Your app connects with any standard Redis client. No SDK needed.

Redis works differently from the SQL and MongoDB databases in TenantsDB. There is no schema, no tables, no blueprints, and no DDL. You create a Redis workspace to define settings (TTL rules, key limits, patterns), then create tenants. Each tenant connects and starts using Redis commands immediately.

Redis also uses a different authentication scheme. Instead of project_id:proxy_password, Redis uses tenant_id:api_key. TLS is enabled via the rediss:// scheme (double-s) for all clients.

Connect to Workspace

Test your Redis setup and configure settings. Use workspace as the tenant ID.

Shell

redis-cli --tls -u "rediss://workspace:[email protected]:6379/0"

The workspace connection lets you test commands and verify settings before creating tenants. Data written to the workspace is separate from tenant data.

Redis has no schema or blueprints. The workspace is for testing and settings configuration only. There is no DDL to track or deploy.

Connect to Tenant

Each tenant connects with their own tenant ID. Keys are automatically isolated.

acme

Shell

redis-cli --tls -u "rediss://acme:[email protected]:6379/0"

globex

Shell

redis-cli --tls -u "rediss://globex:[email protected]:6379/0"

Same API key, different tenant ID. Keys are automatically prefixed for isolation. Tenant acme and tenant globex can both have a key called user:1 with different values.

Add Data

Redis supports strings, hashes, lists, sets, and sorted sets. No schema required.

Redis

# Strings
SET user:1 "Alice"
SET user:2 "Bob"

# Hashes (structured data)
HSET account:1 name "Alice" balance 1000
HSET account:2 name "Bob" balance 2000

# With expiration (seconds)
SET session:abc "session_data" EX 3600

# Lists (queues)
LPUSH queue:jobs "job1" "job2" "job3"

All standard Redis commands work through the proxy. The proxy transparently prefixes keys for tenant isolation on L1 shared instances. Your application never needs to handle prefixing.

Clients

Copy-paste examples for every supported client. Each example connects to a tenant. For workspace connections, use workspace as the tenant ID.

ioredis (Node.js)

JavaScript

const Redis = require('ioredis');

const redis = new Redis(process.env.REDIS_URL);
// REDIS_URL=rediss://acme:[email protected]:6379/0

// String
await redis.set('user:1', 'Alice');
const name = await redis.get('user:1');

// Hash
await redis.hset('account:1', 'name', 'Alice', 'balance', '1000');
const balance = await redis.hget('account:1', 'balance');

// With expiration
await redis.set('session:abc', 'data', 'EX', 3600);

Install

npm install ioredis

ioredis handles the rediss:// scheme natively for TLS connections.

redis-py (Python)

Python

import redis
import os

r = redis.from_url(os.environ['REDIS_URL'])
# REDIS_URL=rediss://acme:[email protected]:6379/0

# String
r.set('user:1', 'Alice')
name = r.get('user:1')  # b"Alice"

# Hash
r.hset('account:1', mapping={'name': 'Alice', 'balance': '1000'})
balance = r.hget('account:1', 'balance')  # b"1000"

# With expiration
r.set('session:abc', 'data', ex=3600)

Install

pip install redis

redis-py returns bytes by default. Use decode_responses=True in the connection to get strings instead.

Go (go-redis)

package main

import (
    "context"
    "fmt"
    "os"
    "time"

    "github.com/redis/go-redis/v9"
)

func main() {
    ctx := context.Background()

    opt, _ := redis.ParseURL(os.Getenv("REDIS_URL"))
    // REDIS_URL=rediss://acme:[email protected]:6379/0
    rdb := redis.NewClient(opt)

    // String
    rdb.Set(ctx, "user:1", "Alice", 0)
    name, _ := rdb.Get(ctx, "user:1").Result()
    fmt.Println(name)

    // Hash
    rdb.HSet(ctx, "account:1", "name", "Alice", "balance", "1000")
    balance, _ := rdb.HGet(ctx, "account:1", "balance").Result()
    fmt.Println(balance)

    // With expiration
    rdb.Set(ctx, "session:abc", "data", 60*time.Second)
}

Install

go get github.com/redis/go-redis/v9

go-redis parses the rediss:// scheme and enables TLS automatically.

Authentication

Redis uses a different authentication scheme from the other databases.

Database	Username	Password
PostgreSQL, MySQL, MongoDB	`project_id` (e.g., `tdb_2abf90d3`)	`proxy_password`
Redis	`tenant_id` (e.g., `acme`)	`api_key` (e.g., `tenantsdb_sk_...`)

Redis uses the tenant ID as the username because tenant isolation happens at the connection level. The proxy identifies which tenant is connecting from the username and prefixes all keys accordingly. For workspace access, use workspace as the username.

Proxy Behavior

Redis-specific details about how the proxy handles your commands.

Key Prefixing (L1)

On L1 shared instances, all tenants share the same Redis server. The proxy isolates tenants by automatically prefixing every key with the tenant's namespace. Your application sends SET user:1 "Alice" and the proxy stores it as tdb_xxx_tenant_acme:user:1. On read, the prefix is stripped. Your application never sees the prefix.

Settings Enforcement

Redis settings are configured per workspace and differ from the SQL and MongoDB settings.

Setting	Description
default_ttl	Default expiration (seconds) applied to keys that don't have an explicit TTL set.
max_keys	Maximum number of keys allowed per tenant.
patterns	Pattern-specific TTL rules. Each pattern (e.g., `session:*`) can have its own TTL and an `enforced` flag that overrides user-set TTLs.

TLS

All connections require TLS. Use the rediss:// scheme (double-s) in your connection URL. TLS is terminated at the edge by HAProxy. Every Redis client library supports rediss:// natively.

Limits

There are no proxy-level size restrictions. The Redis native limit of 512MB per value applies. Keep in mind that large values use their full size in memory on the Redis server. Connection strings stay the same when tenants migrate between L1 and L2.

←

→

→