Skip to main content
Tyk Gateway, Tyk Dashboard and Tyk Pump all connect to Redis. The configuration approach depends on how your Redis infrastructure is deployed:
Deployment modeWhen to use
Single nodeDevelopment, small deployments, or where Redis is managed externally as a single endpoint
Redis ClusterHigh throughput or large datasets; data is automatically sharded across multiple nodes
Redis SentinelHigh availability with automatic failover; a primary and replicas, with Sentinel nodes managing promotion
All three modes share the same set of configuration fields. The sections below explain those fields, then show how to apply them for each mode.
All Tyk components that connect to the same Redis instance must use identical Redis configuration. In a standard deployment, this means Tyk Gateway, Tyk Dashboard and Tyk Pump must all be configured consistently. In a distributed deployment, the Control Plane and each Data Plane have separate Redis instances, so their configurations are independent, but within each plane, all components must still match.

Supported Versions

  • Tyk 5.3 and later supports Redis 6.2.x, 7.0.x, and 7.2.x.
  • Tyk 5.2.x and earlier supports Redis 6.0.x and Redis 6.2.x only.

Configuration Reference

Tyk Gateway and Tyk Pump configure Redis inside a named object (storage for Tyk Gateway, analytics_storage_config for Tyk Pump). Tyk Dashboard uses top-level fields prefixed with redis_. The underlying options are equivalent. The table below covers all common configuration fields. TLS-specific fields are covered separately in TLS Encryption.
PurposeTyk Gateway / Tyk Pump fieldTyk Dashboard field
Single host addresshostredis_host
Portportredis_port
Multiple hosts (Cluster or Sentinel)addrsredis_addrs
Usernameusernameredis_username
Passwordpasswordredis_password
Database indexdatabaseredis_database
Enable Cluster modeenable_clusterenable_cluster
Sentinel primary namemaster_nameredis_master_name
Sentinel passwordsentinel_passwordredis_sentinel_password
Max active connectionsoptimisation_max_activeredis_max_active
Connection timeout (seconds)timeoutredis_timeout

Address Configuration

  • For a single-node connection, use host and port.
  • For Redis Cluster, use addrs with the addresses of all cluster nodes (both primary and replica).
  • For Redis Sentinel, use addrs with the addresses of your Sentinel nodes, not the Redis data nodes directly.
  • When addrs is set, host and port are ignored.

Connection Pool

Each Tyk component maintains a pool of connections to Redis. Two settings control this pool: the maximum number of active connections (optimisation_max_active) and the connection timeout (timeout), after which an attempt to connect to Redis is abandoned. The defaults (optimisation_max_active: 500, timeout: 5 seconds) are suitable for most deployments. If you are running Tyk under high load and see connection pool timeouts, raise optimisation_max_active (or redis_max_active for Tyk Dashboard) incrementally until the timeouts stop. Avoid setting it excessively high, as opening too many connections can place unnecessary load on Redis. Keep timeout low so that failures are detected quickly rather than queuing behind slow connections.

Single Node Configuration

Use these settings when connecting to a standalone Redis instance. This is the simplest configuration and is appropriate for development or where your Redis provider exposes a single endpoint.

Tyk Gateway

In tyk.conf (or via environment variables), Redis is configured inside the storage block:
"storage": {
  "type": "redis",
  "host": "redis-server",
  "port": 6379,
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 500
}

Tyk Dashboard

In tyk_analytics.conf (or via environment variables), Redis settings are top-level fields:
"redis_host": "redis-server",
"redis_port": 6379,
"redis_username": "",
"redis_password": "",
"redis_database": 0,
"redis_max_active": 500

Tyk Pump

In pump.conf (or via environment variables), Redis is configured inside the analytics_storage_config block:
"analytics_storage_config": {
  "type": "redis",
  "host": "redis-server",
  "port": 6379,
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 500
}

Configure Redis Cluster

Redis Cluster automatically shards data across multiple nodes, providing horizontal scalability. It is suited to high-throughput deployments or where the dataset is too large for a single node. Redis Cluster is not the same as a primary/replica setup. In a primary/replica setup, all nodes hold the full dataset and replicas serve as failover targets. In Redis Cluster, the dataset is split across shards, and each shard has its own primary and optional replicas. We recommend reviewing this tutorial to learn more about Redis Cluster. The key differences from a single-node configuration are:
  • Set enable_cluster to true.
  • Replace host/port with addrs, listing all cluster node addresses. Tyk needs visibility of the full cluster to route correctly. Do not list only the primary nodes.
When connecting to Amazon ElastiCache in cluster mode, you can use the configuration endpoint in addrs instead of listing individual nodes. The configuration endpoint handles routing automatically and supports both read and write operations.

Tyk Gateway

In tyk.conf (or via environment variables), Redis is configured inside the storage block. Set enable_cluster to true and list all cluster nodes under addrs:
"storage": {
  "type": "redis",
  "enable_cluster": true,
  "addrs": [
    "server1:6379",
    "server2:6380",
    "server3:6381"
  ],
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 4000
}

Tyk Dashboard

In tyk_analytics.conf (or via environment variables), Redis settings are top-level fields. Set enable_cluster to true and list all cluster nodes under redis_addrs:
"redis_addrs": [
  "server1:6379",
  "server2:6380",
  "server3:6381"
],
"enable_cluster": true,
"redis_username": "",
"redis_password": "",
"redis_database": 0,
"redis_max_active": 4000
The enable_cluster field does not have the redis_ prefix.

Tyk Pump

In pump.conf (or via environment variables), Redis is configured inside the analytics_storage_config block. Set enable_cluster to true and list all cluster nodes under addrs:
"analytics_storage_config": {
  "type": "redis",
  "enable_cluster": true,
  "addrs": [
    "server1:6379",
    "server2:6380",
    "server3:6381"
  ],
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 4000
}

Configure Redis Sentinel

Redis Sentinel provides high availability for a primary/replica Redis setup. Sentinel nodes monitor the primary, and if it becomes unavailable they coordinate promotion of a replica to primary. No change to Tyk’s configuration is required when a failover occurs. Sentinel is the right choice when you need automatic failover but do not need the horizontal sharding that Redis Cluster provides. We recommend reviewing this tutorial to learn more about Redis Sentinel. The key differences from a single-node configuration are:
  • List your Sentinel node addresses under addrs (not the Redis data nodes directly).
  • Set master_name to the name of the monitored primary, as configured in your Sentinel setup.
Do not set enable_cluster: Sentinel and Cluster are mutually exclusive modes.
When using Bitnami charts to install Redis Sentinel in Kubernetes, a Redis service is exposed rather than the Sentinel nodes directly. In this case, use a standard single-node configuration pointing at that service address, and do not set master_name.

Tyk Gateway

In tyk.conf (or via environment variables), Redis is configured inside the storage block. Point addrs at your Sentinel nodes and set master_name to the name of the monitored primary:
"storage": {
  "type": "redis",
  "addrs": [
    "sentinel1:26379",
    "sentinel2:26379",
    "sentinel3:26379"
  ],
  "master_name": "mymaster",
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 4000,
  "sentinel_password": ""
}
  • If your Sentinel nodes require a password, set sentinel_password.

Tyk Dashboard

In tyk_analytics.conf (or via environment variables), Redis settings are top-level fields. Point redis_addrs at your Sentinel nodes and set redis_master_name to the name of the monitored primary:
"redis_addrs": [
  "sentinel1:26379",
  "sentinel2:26379",
  "sentinel3:26379"
],
"redis_master_name": "mymaster",
"redis_username": "",
"redis_password": "",
"redis_database": 0,
"redis_max_active": 4000,
"redis_sentinel_password": ""
  • If your Sentinel nodes require a password, set redis_sentinel_password.

Tyk Pump

In pump.conf (or via environment variables), Redis is configured inside the analytics_storage_config block. Point addrs at your Sentinel nodes and set master_name to the name of the monitored primary:
"analytics_storage_config": {
  "type": "redis",
  "addrs": [
    "sentinel1:26379",
    "sentinel2:26379",
    "sentinel3:26379"
  ],
  "master_name": "mymaster",
  "username": "",
  "password": "",
  "database": 0,
  "optimisation_max_active": 4000,
  "sentinel_password": ""
}
  • If your Sentinel nodes require a password, set sentinel_password.

TLS Encryption

Redis supports TLS encryption from version 6. TLS configuration uses the same fields regardless of whether you are using single-node, Cluster, or Sentinel mode.

Configuration Fields

TLS fields are configured inside the storage block for Tyk Gateway, the analytics_storage_config block for Tyk Pump, and as top-level fields prefixed with redis_ for Tyk Dashboard. Note that Tyk Pump uses different field names from Tyk Gateway for most TLS settings.
PurposeTyk Gateway fieldTyk Pump fieldTyk Dashboard field
Enable TLSuse_ssluse_sslredis_use_ssl
Skip server certificate verificationssl_insecure_skip_verifyssl_insecure_skip_verifyredis_ssl_insecure_skip_verify
Certificate Authority fileca_filessl_ca_fileredis_ca_file
Client certificate file (mTLS)cert_filessl_cert_fileredis_cert_file
Client private key file (mTLS)key_filessl_key_fileredis_key_file
Minimum TLS versiontls_min_versionssl_min_versionredis_tls_min_version
Maximum TLS versiontls_max_versionssl_max_versionredis_tls_max_version
  • Valid values for min/max version: "1.0", "1.1", "1.2", "1.3". Defaults: minimum "1.2", maximum "1.3".
  • Setting ssl_insecure_skip_verify to true is not recommended for production.

Example: Mutual TLS

The following example configures Tyk Gateway to use mutual TLS (mTLS) when connecting to Redis:
"storage": {
  "use_ssl": true,
  "ca_file": "/path/to/ca.crt",
  "cert_file": "/path/to/client.crt",
  "key_file": "/path/to/client.key"
}
  • TLS is enabled with use_ssl.
  • The Redis server’s certificate is verified against the provided CA with ca_file.
  • Tyk Gateway’s client certificate (cert_file) and private key (key_file) are used to satisfy Redis’s client authentication requirement.
For Tyk Dashboard, the equivalent fields are prefixed with redis_ (for example, redis_use_ssl, redis_ca_file). For Tyk Pump, these fields sit inside the analytics_storage_config block, but use different field names: for example, ssl_ca_file instead of ca_file. See the table above for the full field mapping. For background on TLS and mTLS concepts, see TLS and Certificate Management.

Troubleshooting

Before adjusting Tyk configuration, verify that Redis itself is healthy. The commands below help diagnose problems across all deployment modes. Check Redis Is Reachable
redis-cli -h <host> -p <port> PING
A healthy Redis instance responds with PONG. If this fails, the connection problem is at the network or Redis level, not in Tyk configuration. Monitor Key Redis Metrics
redis-cli -h <host> -p <port> INFO
Watch the following metrics:
MetricSectionWhat to look for
connected_clientsclientsApproaching the maxclients limit
blocked_clientsclientsNon-zero values indicate connection pool pressure
rejected_connectionsstatsAny value above 0 means clients were refused. Set up alerting on this metric.
instantaneous_ops_per_secstatsSudden drops may indicate a problem with the Redis instance
used_memory_rssmemoryGrowing unboundedly suggests a key eviction or retention issue
For further troubleshooting guidance, see the Redis documentation: