diff --git a/bitnami/redis/CHANGELOG.md b/bitnami/redis/CHANGELOG.md
index dd9b6ea911..8725ab0eb7 100644
--- a/bitnami/redis/CHANGELOG.md
+++ b/bitnami/redis/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 20.11.5 (2025-03-26)
+## 20.12.0 (2025-04-12)
-* [bitnami/redis] Handle SIGTERM in `kubectl-shared` container ([#32085](https://github.com/bitnami/charts/pull/32085))
+* [bitnami/redis] Support retrieving Redis ACL user passwords from Kubernetes Secrets ([#32434](https://github.com/bitnami/charts/pull/32434))
+
+## 20.11.5 (2025-04-09)
+
+* [bitnami/redis] Handle SIGTERM in `kubectl-shared` container (#32085) ([dad454d](https://github.com/bitnami/charts/commit/dad454d7912fa3328dd1ba528d3be370d6c00342)), closes [#32085](https://github.com/bitnami/charts/issues/32085)
## 20.11.4 (2025-03-22)
diff --git a/bitnami/redis/Chart.yaml b/bitnami/redis/Chart.yaml
index fcb4048fbe..31d5e8ca3b 100644
--- a/bitnami/redis/Chart.yaml
+++ b/bitnami/redis/Chart.yaml
@@ -37,4 +37,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 20.11.5
+version: 20.12.0
\ No newline at end of file
diff --git a/bitnami/redis/README.md b/bitnami/redis/README.md
index eb9260b766..d19ed10216 100644
--- a/bitnami/redis/README.md
+++ b/bitnami/redis/README.md
@@ -503,21 +503,22 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
### Redis® common configuration parameters
-| Name | Description | Value |
-| -------------------------------- | ------------------------------------------------------------------------------------- | ------------- |
-| `architecture` | Redis® architecture. Allowed values: `standalone` or `replication` | `replication` |
-| `auth.enabled` | Enable password authentication | `true` |
-| `auth.sentinel` | Enable authentication on sentinels too | `true` |
-| `auth.password` | Redis® password | `""` |
-| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` |
-| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` |
-| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
-| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` |
-| `auth.acl.enabled` | Enables the support of the Redis ACL system | `false` |
-| `auth.acl.sentinel` | Enables the support of the Redis ACL system for Sentinel Nodes | `false` |
-| `auth.acl.users` | A list of the configured users in the Redis ACL system | `[]` |
-| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` |
-| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` |
+| Name | Description | Value |
+| -------------------------------- | ----------------------------------------------------------------------------------------- | ------------- |
+| `architecture` | Redis® architecture. Allowed values: `standalone` or `replication` | `replication` |
+| `auth.enabled` | Enable password authentication | `true` |
+| `auth.sentinel` | Enable authentication on sentinels too | `true` |
+| `auth.password` | Redis® password | `""` |
+| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` |
+| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` |
+| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
+| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` |
+| `auth.acl.enabled` | Enables the support of the Redis ACL system | `false` |
+| `auth.acl.sentinel` | Enables the support of the Redis ACL system for Sentinel Nodes | `false` |
+| `auth.acl.users` | A list of the configured users in the Redis ACL system | `[]` |
+| `auth.acl.userSecret` | Name of the Secret, containing user credentials for ACL users. Keys must match usernames. | `""` |
+| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` |
+| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` |
### Redis® master configuration parameters
diff --git a/bitnami/redis/templates/_helpers.tpl b/bitnami/redis/templates/_helpers.tpl
index 43ad1a41ff..c060490853 100644
--- a/bitnami/redis/templates/_helpers.tpl
+++ b/bitnami/redis/templates/_helpers.tpl
@@ -231,6 +231,19 @@ Return Redis® password
{{- end }}
{{- end }}
+{{/*
+Returns the secret value if found or an empty string otherwise
+Used for fetching Redis ACL user passwords from Kubernetes Secrets
+*/}}
+{{- define "common.secrets.get" -}}
+{{- $secret := (lookup "v1" "Secret" .context.Release.Namespace .secret) -}}
+{{- if and $secret (index $secret.data .key) -}}
+ {{- index $secret.data .key | b64dec -}}
+{{- else -}}
+ {{- "" -}}
+{{- end }}
+{{- end }}
+
{{/* Check if there are rolling tags in the images */}}
{{- define "redis.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
diff --git a/bitnami/redis/templates/configmap.yaml b/bitnami/redis/templates/configmap.yaml
index f771befc8c..f13c03e0b6 100644
--- a/bitnami/redis/templates/configmap.yaml
+++ b/bitnami/redis/templates/configmap.yaml
@@ -56,8 +56,11 @@ data:
user default on {{ if $password}}#{{ sha256sum $password}}{{ else }}nopass{{ end }} ~* &* +@all
{{- if .Values.auth.acl.users -}}
{{- /* custom users */ -}}
+ {{- $userSecret := .Values.auth.acl.userSecret -}}
{{- range .Values.auth.acl.users }}
- user {{ .username }} {{ default "on" .enabled}} {{ if .password}}#{{ sha256sum .password}}{{ else }}nopass{{ end }} {{ default "~*" .keys}} {{ default "&*" .channels }} {{ default "+@all" .commands }}
+ {{- $userPassword := .password | default "" }}
+ {{- $secretPassword := (include "common.secrets.get" (dict "secret" $userSecret "key" .username "context" $))}}
+ user {{ .username }} {{ default "on" .enabled }} {{ if $secretPassword }}#{{ sha256sum $secretPassword }}{{ else if $userPassword }}#{{ sha256sum $userPassword }}{{ else }}nopass{{ end }} {{ default "~*" .keys }} {{ default "&*" .channels }} {{ default "+@all" .commands }}
{{- end }}
{{- end }}
{{- end }}
diff --git a/bitnami/redis/values.yaml b/bitnami/redis/values.yaml
index a491a2c008..af6076fe1f 100644
--- a/bitnami/redis/values.yaml
+++ b/bitnami/redis/values.yaml
@@ -186,7 +186,9 @@ auth:
## commands: "+@all"
## keys: "~*"
## channels: "&*"
- users: [ ]
+ users: []
+ ## @param auth.acl.userSecret Name of the Secret, containing user credentials for ACL users. Keys must match usernames.
+ userSecret: ""
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
## ref: https://redis.io/topics/config
##