Private alpha

Connect through the public TLS proxy with the runtime password.

The Phase 0 service is a founder-operated Valkey endpoint for validation. Billing, self-serve provisioning, multi-tenant isolation, SLA, and compliance commitments are not active.

Endpoint redis.keynest.dev:6380

Protocol Valkey RESP over TLS with password authentication.

Access Port 6380 is public for Lambda clients; SSH and raw Valkey stay firewall-restricted.

Backups restic backup timer plus restore verification before the endpoint is marked usable.

redis-cli smoke test

redis-cli --tls -h redis.keynest.dev -p 6380 -a "$KEYNEST_VALKEY_PASSWORD" PING

Repository smoke test

KEYNEST_VALKEY_HOST=redis.keynest.dev \
KEYNEST_VALKEY_PORT=6380 \
KEYNEST_VALKEY_PASSWORD="$KEYNEST_VALKEY_PASSWORD" \
npm run service:verify

Before use

Use the runtime password shared out of band.
Use the public CA certificate for normal TLS verification.
Use TLS and set explicit connection timeouts.
Do not store production secrets, regulated data, or unrecoverable state during Phase 0.

First client: Emcognito

emcognito-new-ui runs on Lambda, so no source CIDR is required.
Store the KeyNest password in the Emcognito secret manager.
Use a key prefix such as emcognito:<service>:<purpose>:<id>.
Start with a low-risk cache or rate-limit workload with TTLs.
Keep the current backend available behind a feature flag for rollback.