Problem
When using Terraform Enterprise (TFE) Flexible Deployment Options (FDO) in active-active mode, configuring the TFE_REDIS_USER variable for Redis servers with username and password authentication may cause TFE to fail on startup.
This issue affects TFE releases before version v202503-1 and produces the following error in the startup logs.
{"component":"sidekiq","log":"rediss://example-redis-server.example.com: not ready yet: WRONGPASS invalid username-password pair or user is disabled."}
{"component":"atlas","log":"rediss://example-redis-server.example.com: not ready yet: WRONGPASS invalid username-password pair or user is disabled."}Prerequisites
- Terraform Enterprise versions prior to
v202503-1. - An external Redis instance configured to require a username for authentication.
Cause
The TFE_REDIS_USER setting is not honored in TFE versions prior to v202503-1 due to a known bug. This is documented in the Known Issues section of the release notes for affected versions.
Terraform Enterprise does not support usernames provided with the
REDIS_USERvariable to authenticate with an external Redis instance.
Solutions
There are two approaches to resolve this issue. The recommended solution is to upgrade Terraform Enterprise.
Solution 1: Upgrade Terraform Enterprise
Upgrade your Terraform Enterprise instance to version v202503-1 or a later version. This version includes the fix that allows TFE to correctly use the TFE_REDIS_USER variable for Redis authentication.
Solution 2: Use the Default Redis User
If an immediate upgrade is not feasible, a workaround is to configure the Redis server to use the default user and a password.
Update your TFE configuration to authenticate with the default user's password and ensure the TFE_REDIS_USER variable is not set.
## In your TFE configuration, enable Redis authentication ## and provide the password for the default user. TFE_REDIS_USE_AUTH: true TFE_REDIS_PASSWORD: "<default-user-password>" ## Do not set the TFE_REDIS_USER variable. # TFE_REDIS_USER: "<custom-user>"
Outcome
After applying one of the solutions, Terraform Enterprise will be able to connect to the Redis instance and start up successfully without authentication errors.