diff --git a/deploy/redis/scripts/redis-sentinel-setup.sh.tpl b/deploy/redis/scripts/redis-sentinel-setup.sh.tpl
index e8cc4afa0cb3..dbb52067fde4 100644
--- a/deploy/redis/scripts/redis-sentinel-setup.sh.tpl
+++ b/deploy/redis/scripts/redis-sentinel-setup.sh.tpl
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -e
+set -ex
 {{- $clusterName := $.cluster.metadata.name }}
 {{- $namespace := $.cluster.metadata.namespace }}
 {{- /* find redis-sentinel component */}}
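Review bot: Turning on xtrace with `set -ex` makes the shell print every command after expansion, so the credential-bearing lines this commit adds further down the same script (the `sentinel auth-pass … $REDIS_SENTINEL_PASSWORD` and `sentinel sentinel-pass $SENTINEL_PASSWORD` echoes) end up in clear text on the container's stderr and in whatever collects the pod logs. The same flag is added at the top of redis-sentinel-start.sh.tpl, where the `redis-cli … -a $REDIS_DEFAULT_PASSWORD ping` wait loop would be traced on every iteration. Keep `set -e` in both templates, or bracket the secret-handling lines with `set +x` and `set -x` if the trace is needed for debugging.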
@@ -17,17 +17,20 @@ set -e {{- /* build primary pod message, because currently does not support cross-component acquisition of environment variables, the service of the redis master node is assembled here through specific rules */}} {{- $primary_pod = printf "%s-%s-%d.%s-%s-headless.%s.svc" $clusterName $redis_component.name $candidate_instance_index $clusterName $redis_component.name $namespace }} {{- $sentinel_monitor := printf "%s-%s %s" $clusterName $redis_component.name $primary_pod }} -cat>/etc/sentinel/redis-sentinel.conf<> /etc/sentinel/redis-sentinel.conf +echo "sentinel resolve-hostnames yes" >> /etc/sentinel/redis-sentinel.conf +echo "sentinel announce-hostnames yes" >> /etc/sentinel/redis-sentinel.conf +echo "sentinel monitor {{ $sentinel_monitor }} 6379 2" >> /etc/sentinel/redis-sentinel.conf +echo "sentinel down-after-milliseconds {{ $clusterName }}-{{ $redis_component.name }} 5000" >> /etc/sentinel/redis-sentinel.conf +echo "sentinel failover-timeout {{ $clusterName }}-{{ $redis_component.name }} 60000" >> /etc/sentinel/redis-sentinel.conf +echo "sentinel parallel-syncs {{ $clusterName }}-{{ $redis_component.name }} 1" >> /etc/sentinel/redis-sentinel.conf +if [ ! -z "$REDIS_SENTINEL_PASSWORD" ]; then + echo "sentinel auth-user {{ $clusterName }}-{{ $redis_component.name }} $REDIS_SENTINEL_USER" >> /etc/sentinel/redis-sentinel.conf + echo "sentinel auth-pass {{ $clusterName }}-{{ $redis_component.name }} $REDIS_SENTINEL_PASSWORD" >> /etc/sentinel/redis-sentinel.conf +fi +if [ ! -z "$SENTINEL_PASSWORD" ]; then + echo "sentinel sentinel-user $SENTINEL_USER" >> /etc/sentinel/redis-sentinel.conf + echo "sentinel sentinel-pass $SENTINEL_PASSWORD" >> /etc/sentinel/redis-sentinel.conf +fi +{{- /* $primary_svc := printf "%s-%s.%s.svc" $clusterName $redis_component.name $namespace */}} \ No newline at end of file 
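Review bot: Both new guards test only the password variable, so `sentinel auth-user` and `sentinel sentinel-user` are still written when `$REDIS_SENTINEL_USER` or `$SENTINEL_USER` is empty, which leaves a directive with a missing argument in redis-sentinel.conf. Test both values, e.g. `if [ -n "$REDIS_SENTINEL_USER" ] && [ -n "$REDIS_SENTINEL_PASSWORD" ]; then`, and likewise for the `SENTINEL_USER`/`SENTINEL_PASSWORD` pair (`-n` also reads more directly than `! -z`). The removed code created the file with a single `cat>` redirection, whereas the new lines append with `>>`; the first write is not legible on this page, so it is worth confirming that the file is truncated before the appends, otherwise a second run of the script would duplicate the `sentinel monitor` and credential lines.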
diff --git a/deploy/redis/scripts/redis-sentinel-start.sh.tpl b/deploy/redis/scripts/redis-sentinel-start.sh.tpl
index 4edbf6a8835e..5ef80f9eeeb0 100644
--- a/deploy/redis/scripts/redis-sentinel-start.sh.tpl
+++ b/deploy/redis/scripts/redis-sentinel-start.sh.tpl
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -e
+set -ex
 {{- $clusterName := $.cluster.metadata.name }}
 {{- $namespace := $.cluster.metadata.namespace }}
 {{- /* find redis component */}}
@@ -12,7 +12,11 @@ set -e
 {{- /* build redis engine service */}}
 {{- $primary_svc := printf "%s-%s.%s.svc" $clusterName $redis_component.name $namespace }}
 echo "Waiting for redis service {{ $primary_svc }} to be ready..."
-until redis-cli -h {{ $primary_svc }} -p 6379 -a $REDIS_DEFAULT_PASSWORD ping; do sleep 1; done
+if [ ! -z "$REDIS_DEFAULT_PASSWORD" ]; then
+ until redis-cli -h {{ $primary_svc }} -p 6379 -a $REDIS_DEFAULT_PASSWORD ping; do sleep 1; done
+else
+ until redis-cli -h {{ $primary_svc }} -p 6379 ping; do sleep 1; done
+fi
 echo "redis service ready, Starting sentinel..."
 echo "sentinel announce-ip $KB_POD_FQDN" >> /etc/sentinel/redis-sentinel.conf
 exec redis-server /etc/sentinel/redis-sentinel.conf --sentinel
diff --git a/deploy/redis/scripts/redis7-start.sh.tpl b/deploy/redis/scripts/redis7-start.sh.tpl
index fc02854390bf..7ff1155a2575 100644
--- a/deploy/redis/scripts/redis7-start.sh.tpl
+++ b/deploy/redis/scripts/redis7-start.sh.tpl
@@ -2,8 +2,6 @@
 set -ex
 echo "include /etc/conf/redis.conf" >> /etc/redis/redis.conf
 echo "replica-announce-ip $KB_POD_FQDN" >> /etc/redis/redis.conf
-echo "masteruser $REDIS_REPL_USER" >> /etc/redis/redis.conf
-echo "masterauth $REDIS_REPL_PASSWORD" >> /etc/redis/redis.conf
 {{- $data_root := getVolumePathByName ( index $.podSpec.containers 0 ) "data" }}
 if [ -f /data/users.acl ]; then
 sed -i "/user default on/d" /data/users.acl
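Review bot: In redis-sentinel-start.sh.tpl the added password branch expands `-a $REDIS_DEFAULT_PASSWORD` unquoted, so a password containing whitespace or glob characters is split or expanded before redis-cli receives it; the redis7-start.sh.tpl hunks of this same commit quote that argument. Use `until redis-cli -h {{ $primary_svc }} -p 6379 -a "$REDIS_DEFAULT_PASSWORD" ping; do sleep 1; done`. Passing the secret with `-a` also places it on the process command line for the duration of each call; redis-cli reads `REDISCLI_AUTH` from the environment, which avoids that exposure.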
@@ -12,9 +10,17 @@ if [ -f /data/users.acl ]; then else touch /data/users.acl fi -echo "user default on allcommands allkeys >$REDIS_DEFAULT_PASSWORD" >> /data/users.acl -echo "user $REDIS_REPL_USER on +psync +replconf +ping >$REDIS_REPL_PASSWORD" >> /data/users.acl -echo "user $REDIS_SENTINEL_USER on allchannels +multi +slaveof +ping +exec +subscribe +config|rewrite +role +publish +info +client|setname +client|kill +script|kill >$REDIS_SENTINEL_PASSWORD" >> /data/users.acl +if [ ! -z "$REDIS_REPL_PASSWORD" ]; then + echo "masteruser $REDIS_REPL_USER" >> /etc/redis/redis.conf + echo "masterauth $REDIS_REPL_PASSWORD" >> /etc/redis/redis.conf + echo "user $REDIS_REPL_USER on +psync +replconf +ping >$REDIS_REPL_PASSWORD" >> /data/users.acl +fi +if [ ! -z "$REDIS_SENTINEL_PASSWORD" ]; then + echo "user $REDIS_SENTINEL_USER on allchannels +multi +slaveof +ping +exec +subscribe +config|rewrite +role +publish +info +client|setname +client|kill +script|kill >$REDIS_SENTINEL_PASSWORD" >> /data/users.acl +fi +if [ ! -z "$REDIS_DEFAULT_PASSWORD" ]; then + echo "user default on allcommands allkeys >$REDIS_DEFAULT_PASSWORD" >> /data/users.acl +fi echo "aclfile /data/users.acl" >> /etc/redis/redis.conf # usage: retry @@ -55,7 +61,11 @@ create_replication() { echo "KB_POD_NAME=$KB_POD_NAME" >> /etc/redis/.kb_set_up.log if [ -z "$primary" ]; then echo "Primary pod information not available. shutdown redis-server..." - redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_DEFAULT_PASSWORD shutdown + if [ ! -z "$REDIS_DEFAULT_PASSWORD" ]; then + redis-cli -h 127.0.0.1 -p 6379 -a "$REDIS_DEFAULT_PASSWORD" shutdown + else + redis-cli -h 127.0.0.1 -p 6379 shutdown + fi exit 1 fi if [ "$primary" = "$KB_POD_NAME" ]; then 
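Review bot: When `REDIS_DEFAULT_PASSWORD` is empty the new guard writes no `user default` line at all, and the `sed -i "/user default on/d"` visible in the preceding hunk has already removed any earlier one, so Redis falls back to its built-in default user, which to my knowledge is enabled with no password and all commands. A secret that fails to mount or resolves to an empty string therefore yields an unauthenticated instance without any message. If password-less mode is intended, make it an explicit opt-in rather than inferring it from an empty variable, and at least report it in an `else` branch, e.g. `echo "REDIS_DEFAULT_PASSWORD is empty: default user has no password" >&2`. The two guards before it skip `masteruser`/`masterauth` and the sentinel ACL entry in the same silent way.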
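Review bot: The password/no-password branch around `redis-cli … shutdown` in create_replication is the first of three near-identical copies in this function (the other two are in the following hunk), and a fourth sits in redis-sentinel-start.sh.tpl, so a later change to one copy is easily missed in the others. A small wrapper defined once above create_replication would hold the decision in one place and can hand the secret over through `REDISCLI_AUTH` instead of `-a`, which keeps it off the process command line. The call sites then become `redis_cli 127.0.0.1 shutdown` and `retry redis_cli "$primary_fqdn" ping`, assuming `retry` simply runs its arguments (its body is not in this hunk). create_replication starts and ends outside this hunk.

```shell
# Run redis-cli against host $1 on port 6379; authenticate only when a
# default-user password is configured.
redis_cli() {
  _host=$1
  shift
  if [ -n "$REDIS_DEFAULT_PASSWORD" ]; then
    REDISCLI_AUTH="$REDIS_DEFAULT_PASSWORD" redis-cli -h "$_host" -p 6379 "$@"
  else
    redis-cli -h "$_host" -p 6379 "$@"
  fi
}

# … unchanged: create_replication up to the empty-primary check …
    echo "Primary pod information not available. shutdown redis-server..."
    redis_cli 127.0.0.1 shutdown
    exit 1
```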
@@ -63,11 +73,20 @@ create_replication() {
 else
 primary_fqdn="$primary.$KB_CLUSTER_NAME-$KB_COMP_NAME-headless.$KB_NAMESPACE.svc"
 echo "primary_fqdn=$primary_fqdn" >> /etc/redis/.kb_set_up.log
- retry redis-cli -h $primary_fqdn -p 6379 -a $REDIS_DEFAULT_PASSWORD ping
- redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_DEFAULT_PASSWORD replicaof $primary_fqdn 6379
+ if [ ! -z "$REDIS_DEFAULT_PASSWORD" ]; then
+ retry redis-cli -h $primary_fqdn -p 6379 -a "$REDIS_DEFAULT_PASSWORD" ping
+ redis-cli -h 127.0.0.1 -p 6379 -a "$REDIS_DEFAULT_PASSWORD" replicaof $primary_fqdn 6379
+ else
+ retry redis-cli -h $primary_fqdn -p 6379 ping
+ redis-cli -h 127.0.0.1 -p 6379 replicaof $primary_fqdn 6379
+ fi
 if [ $? -ne 0 ]; then
 echo "Failed to create a replication relationship. shutdown redis-server..."
- redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_DEFAULT_PASSWORD shutdown
+ if [ ! -z "$REDIS_DEFAULT_PASSWORD" ]; then
+ redis-cli -h 127.0.0.1 -p 6379 -a "$REDIS_DEFAULT_PASSWORD" shutdown
+ else
+ redis-cli -h 127.0.0.1 -p 6379 shutdown
+ fi
 fi
 fi
 }
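Review bot: The `if [ $? -ne 0 ]` test now follows an `if … fi` compound, so it sees the `replicaof` status only because that command happens to be the last one in each branch; any line appended inside a branch would silently change what is tested. With `set -ex` at the top of this script, a failing `replicaof` may also end the script before the test is reached, depending on how create_replication is invoked (not visible here). Capture the status explicitly: `rc=0` before the branch, `… replicaof "$primary_fqdn" 6379 || rc=$?` inside it, and `if [ "$rc" -ne 0 ]; then` after it. `$primary_fqdn` is also left unquoted in all four new calls while the password next to it is now quoted.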