ErrorNotes

Fix Redis 'ERR Client sent AUTH, but no password is set' Error

beginner๐Ÿ”ด Redis2026-05-03| Redis 6.x, 7.x on Linux / macOS / Docker โ€” any client library (redis-cli, ioredis, redis-py, Jedis)

Error Message

ERR Client sent AUTH, but no password is set. Did you mean ACL SETUSER with >password?
#redis#auth#requirepass#acl#security#password

TL;DR

Your Redis client is sending an AUTH command, but the server has no password configured. Fix it by removing the password from your client config, or by adding requirepass yourpassword to redis.conf and restarting Redis. Client and server must agree.

What the error means

Redis only checks credentials if requirepass is set in redis.conf. When that directive is missing (or commented out), the server has no password โ€” yet your client is sending one anyway. Redis doesn't silently ignore it; it throws:

ERR Client sent AUTH, but no password is set. Did you mean ACL SETUSER with >password?

Think of it as the inverse of NOAUTH Authentication required. That error means the client forgot to authenticate. This one means the client authenticated against a server that doesn't need it. Common triggers:

  • You copied a connection string from staging/prod (password-protected) to a local dev Redis that has no password.
  • Someone removed requirepass from redis.conf but never updated the app config to match.
  • A Docker Compose file passes --requirepass only in certain environments.
  • You're on Redis 6+ using the ACL system, but your client still sends a plain AUTH password.

Fix approach 1 โ€” Remove the password from your client (dev/local fix)

Running locally with no auth needed? Stop sending AUTH from the client side. That's all.

redis-cli

Drop the -a flag:

# Wrong โ€” sends AUTH
redis-cli -a mypassword ping

# Correct โ€” no AUTH
redis-cli ping

Node.js (ioredis)

// Remove the password field entirely
const redis = new Redis({
  host: '127.0.0.1',
  port: 6379,
  // password: 'mypassword'  โ† remove or comment this out
});

Python (redis-py)

import redis

# Remove password=
r = redis.Redis(host='localhost', port=6379, db=0)
# r = redis.Redis(host='localhost', port=6379, password='mypassword', db=0)  โ† old

Environment variable approach

If your app reads the Redis URL from an env var, make sure local environments don't carry credentials over from staging:

# Local .env โ€” no password
REDIS_URL=redis://localhost:6379

# Production .env โ€” with password
REDIS_URL=redis://:strongpassword@redis-host:6379

Fix approach 2 โ€” Add requirepass to Redis server (recommended for non-dev)

Flip side: your client has the right password, but the server was never told to require one. Set it up on the server side.

Edit redis.conf

# Find your redis.conf
# Common locations:
# /etc/redis/redis.conf
# /etc/redis.conf
# /usr/local/etc/redis.conf

sudo nano /etc/redis/redis.conf

Find the requirepass line (probably commented out) and set it:

# Before:
# requirepass foobared

# After:
requirepass yourStrongPassword

Then restart Redis:

sudo systemctl restart redis
# or
sudo service redis-server restart

Docker / Docker Compose

# docker run
docker run -d --name redis \
  -p 6379:6379 \
  redis:7 redis-server --requirepass yourStrongPassword

# docker-compose.yml
services:
  redis:
    image: redis:7
    command: redis-server --requirepass yourStrongPassword
    ports:
      - "6379:6379"

Set at runtime (no restart, not persistent)

redis-cli config set requirepass yourStrongPassword

Warning: this change is lost on restart unless you also update redis.conf. Fine for quick testing, not for anything permanent.

Fix approach 3 โ€” Redis 6+ ACL system

The error message drops a hint: "Did you mean ACL SETUSER with >password?" That's Redis nudging you toward the modern auth system introduced in version 6. Instead of one global password, ACL lets you define per-user credentials.

To set a password for the default user:

# Set password for the default user via ACL
redis-cli ACL SETUSER default on >yourpassword ~* &* +@all

# Or in redis.conf (acl file or inline):
# user default on >yourpassword ~* &* +@all

First, check what's currently active:

redis-cli ACL LIST
# Output example:
# user default on nopass ~* &* +@all  โ† means NO password required

If you see nopass, the server accepts connections without a password โ€” your client shouldn't be sending AUTH at all.

Verify the fix

Quick sanity check after any of the above changes:

# Test authentication manually
redis-cli -a yourStrongPassword ping
# Expected: PONG

# Check server config
redis-cli -a yourStrongPassword config get requirepass
# Expected:
# 1) "requirepass"
# 2) "yourStrongPassword"

# Check ACL for default user
redis-cli -a yourStrongPassword ACL WHOAMI
# Expected: "default"

PONG back means the auth handshake is working.

Tips

Generate a proper random password for Redis โ€” don't use something you'll remember. Weak passwords are a real risk if Redis is accidentally exposed on a network interface. I use ToolCraft's password generator to get a 32-character random string in seconds. It runs fully in-browser with no server uploads, which matters when you're handling server credentials.

Three more things to lock down while you're at it:

  • Bind Redis to 127.0.0.1 unless it actually needs to be network-accessible: bind 127.0.0.1 in redis.conf.
  • Keep Redis connection strings in environment variables across all environments. Never hardcode them.
  • Running Redis in Kubernetes? Store the password in a Secret and reference it via env var in both the Redis deployment and your app pods.

Related Error Notes

Fix Redis 'READONLY You can't write against a read only replica' Error

READONLY You can't write against a read only replica.

Fix Redis 'ERR value is not a valid float' When Using INCRBYFLOAT

ERR value is not a valid float

Fix Redis 'ERR value is not an integer or out of range' on INCR and DECR Commands

ERR value is not an integer or out of range