Redis rejected your authentication credentials. This occurs when you provide an incorrect password, wrong username, or use an invalid credential format when connecting to a Redis instance with ACL (Access Control List) authentication enabled.
The WRONGPASS invalid username-password pair error indicates that your Redis server rejected the authentication credentials you provided. In Redis 6.0+, this error is typically related to the ACL (Access Control List) system, which manages user-based authentication. Unlike the simpler NOAUTH error that occurs when no credentials are provided, WRONGPASS means credentials were sent but they don't match what the server has configured. This is a security measure that prevents unauthorized access to your Redis data.
Double-check that the password you are using matches the password configured on the Redis server. Common mistakes include:
- Copying the password incorrectly (extra spaces, missing characters)
- Using the wrong password if multiple Redis instances exist
- Password changed recently but not updated in your connection string
If you forgot the password, you may need to reset it through your cloud provider's console or directly on the server.
The correct authentication format depends on your Redis server version:
Redis 5.x and earlier (simple password only):
redis-cli -a your-password
redis-cli -h 127.0.0.1 -p 6379 -a your-passwordRedis 6.0+ (ACL with default user):
Use 'default' as the username with your password:
redis-cli -u redis://:[email protected]:6379
redis-cli -u redis://default:[email protected]:6379Redis 6.0+ (ACL with custom user):
Format is username:password:
redis-cli -u redis://your-username:[email protected]:6379If your password contains special characters (!, @, #, $, %, etc.), they must be URL-encoded in the connection string:
# Example: password is my@password123!
# URL-encoded: my%40password123%21
redis-cli -u redis://:my%40password123%[email protected]:6379Common encodings:
- @ becomes %40
- # becomes %23
- : becomes %3A
- ! becomes %21
Use an online URL encoder if you are unsure of the correct encoding.
Ensure your application is using the correct credentials format:
Node.js (node-redis):
const redis = require('redis');
const client = redis.createClient({
url: 'redis://:[email protected]:6379'
// For custom ACL user: 'redis://username:[email protected]:6379'
});
await client.connect();Python (redis-py):
import redis
r = redis.Redis(host='127.0.0.1', port=6379, password='your-password')
# For custom ACL user: redis.Redis(host='127.0.0.1', port=6379, username='your-user', password='your-password')Java (Jedis):
Jedis jedis = new Jedis("127.0.0.1", 6379);
jedis.auth("your-password");
// For custom ACL user: jedis.auth("your-user", "your-password");Go (go-redis):
rdb := redis.NewClient(&redis.Options{
Addr: "127.0.0.1:6379",
Password: "your-password",
})If using Redis 6.0+ with ACL, verify that the user exists and is enabled:
redis-cli ACL LISTThis command lists all ACL users and their configurations. Look for your username and check if:
- The user exists in the list
- The user has the on flag (enabled)
- The password matches what you are using
To check a specific user:
redis-cli ACL GETUSER your-usernameIf the user is disabled or missing, you may need to recreate it or contact your Redis administrator.
Check the Redis server logs to see detailed authentication attempts:
# For systemd-based systems
journalctl -u redis-server -n 50
# For Docker
docker logs -f your-redis-container
# Direct log file (if available)
tail -f /var/log/redis/redis-server.logRedis logs may show ACL LOG entries that reveal why authentication failed:
redis-cli ACL LOGThis command shows authentication attempts and reasons for failures.
Redis 6.0+ introduced the ACL system, which is a significant change from the simple requirepass authentication in earlier versions. If you recently upgraded Redis or migrated to a new version, ensure your client library supports ACL authentication. Node.js clients (node-redis) updated their authentication handling in version 3.1.0, so using an older or newer version might cause compatibility issues. For cloud-hosted Redis (AWS ElastiCache, Azure Cache for Redis, Upstash, etc.), credentials may be managed through the provider's console and could change during maintenance windows. If using Upstash or HTTP-based Redis, note that HTTP connections use a different authentication token than the traditional Redis protocol. Token expiration (especially with Entra ID or OAuth-based authentication) can also cause WRONGPASS errors. If you have a Redis cluster, ensure all nodes are properly synchronized with ACL changes, as propagation delays may cause temporary authentication failures on failover.
ERR fsync error
How to fix "ERR fsync error" in Redis
CLUSTERDOWN The cluster is down
How to fix 'CLUSTERDOWN The cluster is down' in Redis
ERR Job for redis-server.service failed because a timeout was exceeded
Job for redis-server.service failed because a timeout was exceeded
ERR Unbalanced XREAD list of streams
How to fix "ERR Unbalanced XREAD list" in Redis
ERR syntax error
How to fix "ERR syntax error" in Redis