Context

I'm trying to create a Service Connector (preview) to access a Redis Cache from an Azure Container App. I'm using a shell script (zsh) to automate the deployment.

I've already configured secrets in my container app, including a Redis connection string:

az containerapp secret set \
  -g ${GROUP} \
  -n ${SERVICE}-demo \
  --secrets \
    redis-connectionstring="rediss://:${REDIS_PASSWORD}@${REDIS_NAME}.redis.cache.windows:6380/0"

Problem

Now I'm trying to create a Redis service connector with the following parameters:

• container: ${SERVICE}-demo
• service type: Redis Cache
• connection name: redis_connection
• subscription: Microsoft Azure Sponsorship
• Azure Cache for Redis hostname: "${REDIS_SERVER}"
• Azure Cache for Redis database: 0
• client type: Python
• authentication: System identity
• connection string: yes

I've tried several approaches based on the Azure CLI documentation:

Attempt 1

az containerapp connection create redis \
  -g ${GROUP} \
  -n ${SERVICE}-demo \
  --connection redis_connection \
  --server "${REDIS_SERVER}" \
  --database 0 \
  --client-type python \
  --system-identity \
  --secret \
    AZURE_REDIS_CONNECTIONSTRING="rediss://:${REDIS_PASSWORD}@${REDIS_NAME}.redis.cache.windows:6380/0"

This attempt failed with the error: Unsupported Key {} is provided for parameter --auto-secret

Same error with:

az containerapp connection create redis \
  -g ${GROUP} \
  -n ${SERVICE}-demo \
  --tg ${GROUP} \
  --connection redis_connection \
  --server ${REDIS_SERVER} \
  --database 0 \
  --client-type python \
  --system-identity \
  --secret \
    redis-connectionstring=secretref:redis-connectionstring

Attempt 2

New attempt without --secret parameter:

az containerapp connection create redis \
  -g ${GROUP} \
  -n ${SERVICE}-demo \
  --connection redis_connection \
  --server "${REDIS_SERVER}" \
  --database 0 \
  --client-type python \
  --system-identity

This attempt prompted me for additional parameters and displayed a message about Microsoft Entra authentication:

The container where the connection information will be saved (as environment variables).
(--container/-c): express-delivery-demo
The resource group which contains the redis server (--target-resource-group/--tg): DFYA.demo
Apply interactive input arguments: --container express-delivery-demo --target-resource-group DFYA.demo
Please enable Microsoft Entra Authentication on your Redis first.
Note that it will cause your cache instances to reboot to load new configuration and result in a failover.

Question

How can I properly configure a Redis service connector for an Azure Container App using system identity and an existing connection string? I'd like to avoid restarting my Redis cache if possible.

Manual Configuration

For your information, I can create the connection manually from the Azure Portal:

Additional Information

az --version

azure-cli                         2.70.0

core                              2.70.0
telemetry                          1.1.0

Dependencies:
msal                            1.31.2b1
azure-mgmt-resource               23.1.1

Python location '/opt/homebrew/Cellar/azure-cli/2.70.0/libexec/bin/python'
Config directory '/Users/laurent/.azure'
Extensions directory '/Users/laurent/.azure/cliextensions'

Python (Darwin) 3.12.9 (main, Feb  4 2025, 14:38:38) [Clang 16.0.0 (clang-1600.0.26.6)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.