In-transit encryption client library code sample

This code sample shows a go-redis client library configuration for connecting to a Memorystore for Redis instance that has in-transit encryption enabled.

Connect to an instance

The following sample provides an example of how to instantiate a client, load an in-transit encryption Certificate Authority, and how to set up a connection pool.


import (

	memorystore ""
	redispb ""

// ConnectToDatabase demonstrates how to use go-redis library to connect to a
// Memorystore Redis instance.
func ConnectToDatabase(w io.Writer, projectID, location, instanceID string) error {

	// Instantiate a Redis administrative client
	ctx := context.Background()
	adminClient, err := memorystore.NewCloudRedisClient(ctx)
	if err != nil {
		return err
	defer adminClient.Close()

	req := &redispb.GetInstanceRequest{
		Name: fmt.Sprintf("projects/%s/locations/%s/instances/%s", projectID, location, instanceID),

	instance, err := adminClient.GetInstance(ctx, req)
	if err != nil {
		return err

	fmt.Fprintln(w, instance)

	// Load CA cert
	caCerts := instance.GetServerCaCerts()
	if len(caCerts) == 0 {
		return errors.New("memorystore: no server CA certs for instance")

	caCertPool := x509.NewCertPool()

	// Setup Redis Connection pool
	client := redis.NewClient(&redis.Options{
		Addr:         fmt.Sprintf("%s:%d", instance.Host, instance.Port),
		Password:     "PASSWORD",
		PoolSize:     1,
		MinIdleConns: 1,
		PoolTimeout:  0,
		IdleTimeout:  20 * time.Second,
		DialTimeout:  2 * time.Second,
		TLSConfig: &tls.Config{
			RootCAs: caCertPool,

	p, err := client.Ping(ctx).Result()
	if err != nil {
		return err
	fmt.Fprintf(w, "Response:\n%s", p)

	return nil

What's next