diff --git a/releasenotes/notes/bug-2056656-f71dca8a61138f95.yaml b/releasenotes/notes/bug-2056656-f71dca8a61138f95.yaml
new file mode 100644
index 00000000..22ab9aec
--- /dev/null
+++ b/releasenotes/notes/bug-2056656-f71dca8a61138f95.yaml
@@ -0,0 +1,22 @@
+---
+features:
+  - |
+    The redis driver now supports the following options.
+
+    - ``sentinel_username``
+    - ``sentinel_parameters``
+    - ``sentinel_ssl``
+
+fixes:
+  - |
+    The redis driver no longer enables authentication for redis sentinel when
+    authentication is enabled in redis. This was the previous behavior before
+    6.0.0, and was already required by some deployment tools like kolla. Now
+    authentication for redis sentinel is controlled by a separate options
+    (``sentinel_username`` and ``sentinel_password``).
+
+  - |
+    The redis driver no longer enables SSL for redis sentinel when SSL is
+    enabled in redis, to restore the compatibility with older versions. Now
+    SSL for redis sentinel is controlled by the separate ``sentinel_ssl``
+    option.
diff --git a/tooz/drivers/redis.py b/tooz/drivers/redis.py
index ca30a679..084a5d62 100644
--- a/tooz/drivers/redis.py
+++ b/tooz/drivers/redis.py
@@ -267,6 +267,9 @@ class RedisDriver(coordination.CoordinationDriverCachedRunWatchers,
         'ssl_ca_certs',
         'sentinel',
         'sentinel_fallback',
+        'sentinel_username',
+        'sentinel_password',
+        'sentinel_ssl',
     ])
     """
     Keys that we allow to proxy from the coordinator configuration into the
@@ -288,6 +291,7 @@ class RedisDriver(coordination.CoordinationDriverCachedRunWatchers,
         'retry_on_timeout',
         'socket_keepalive',
         'ssl',
+        'sentinel_ssl',
     ])
 
     #: Client arguments that are expected to be int convertible.
@@ -474,9 +478,23 @@ return 1
             ]
             sentinel_hosts.insert(0, (kwargs.pop('host'), kwargs.pop('port')))
             sentinel_name = kwargs.pop('sentinel')
+            sentinel_kwargs = {}
+            # NOTE(tkajinam): Copy socket_* options, according to the logic
+            # in redis-py
+            for key in kwargs:
+                if key.startswith('socket_'):
+                    sentinel_kwargs[key] = kwargs[key]
+            if kwargs.pop('sentinel_ssl', False):
+                sentinel_kwargs['ssl'] = True
+                for key in ('ssl_certfile', 'ssl_keyfile', 'ssl_cafile'):
+                    if key in kwargs:
+                        sentinel_kwargs[key] = kwargs[key]
+            for key in ('username', 'password'):
+                if 'sentinel_' + key in kwargs:
+                    sentinel_kwargs[key] = kwargs.pop('sentinel_' + key)
             sentinel_server = sentinel.Sentinel(
                 sentinel_hosts,
-                sentinel_kwargs=kwargs,
+                sentinel_kwargs=sentinel_kwargs,
                 **kwargs)
             master_client = sentinel_server.master_for(sentinel_name)
             # The master_client is a redis.Redis using a