diff --git a/src/go.mod b/src/go.mod
index c7e9fd7a6..07a79e3d1 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -200,6 +200,6 @@ replace (
 github.com/docker/distribution => github.com/distribution/distribution v2.8.2+incompatible
 github.com/gocraft/work => github.com/goharbor/work v0.5.1-patch
 github.com/goharbor/harbor => ../
- github.com/gomodule/redigo => github.com/gomodule/redigo v1.8.8
+ github.com/gomodule/redigo => github.com/gomodule/redigo v1.9.2
 google.golang.org/api => google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff
 )
diff --git a/src/go.sum b/src/go.sum
index 3c2128e3b..0940e1699 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -230,8 +230,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/gomodule/redigo v1.8.8 h1:f6cXq6RRfiyrOJEV7p3JhLDlmawGBVBBP1MggY8Mo4E=
-github.com/gomodule/redigo v1.8.8/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
+github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s=
+github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
diff --git a/src/lib/cache/cache.go b/src/lib/cache/cache.go
index 11d8f299c..910d2edd9 100644
--- a/src/lib/cache/cache.go
+++ b/src/lib/cache/cache.go
@@ -32,8 +32,12 @@ const (
 Memory = "memory"
 // Redis the cache name of redis
 Redis = "redis"
+ // Redis the cache name of redis TLS
+ RedisTLS = "rediss"
 // RedisSentinel the cache name of redis sentinel
 RedisSentinel = "redis+sentinel"
+ // RedisSentinel with TLS connection
+ RedisSentinelTLS = "rediss+sentinel"
 )
 
 var (
diff --git a/src/lib/cache/redis/redis.go b/src/lib/cache/redis/redis.go
index 80beb3b99..b2f7f7a47 100644
--- a/src/lib/cache/redis/redis.go
+++ b/src/lib/cache/redis/redis.go
@@ -179,14 +179,20 @@ func New(opts cache.Options) (cache.Cache, error) {
 */
 switch u.Scheme {
- case cache.Redis:
+ case cache.Redis, cache.RedisTLS:
+ /*
+ Harbor will only support standard TLS for server-certificate-athentication on Redis connection.
+ mTLS is not the goal
+ */
+ // tls.Options{Servername:h} will need to be set by ParseURL
 rdbOpts, err := redis.ParseURL(u.String())
 if err != nil {
 return nil, err
 }
 client = redis.NewClient(rdbOpts)
- case cache.RedisSentinel:
+ case cache.RedisSentinel, cache.RedisSentinelTLS:
+ // TLS config will be set by ParseSentinelURL
 failoverOpts, err := ParseSentinelURL(u.String())
 if err != nil {
 return nil, err
@@ -203,4 +209,6 @@ func New(opts cache.Options) (cache.Cache, error) {
 func init() {
 cache.Register(cache.Redis, New)
 cache.Register(cache.RedisSentinel, New)
+ cache.Register(cache.RedisTLS, New)
+ cache.Register(cache.RedisSentinelTLS, New)
 }
diff --git a/src/lib/cache/redis/util.go b/src/lib/cache/redis/util.go
index f6b25ca71..0038aab4f 100644
--- a/src/lib/cache/redis/util.go
+++ b/src/lib/cache/redis/util.go
@@ -15,6 +15,7 @@ package redis
 
 import (
+ "crypto/tls"
 "fmt"
 "net/url"
 "sort"
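Review bot: The doc comments on the two new constants do not begin with the identifier they document, so `go doc` and linters will read `// Redis the cache name of redis TLS` as belonging to `Redis` and `// RedisSentinel with TLS connection` as belonging to `RedisSentinel`. Rename them to match the declared names: `// RedisTLS the cache name of redis over TLS` and `// RedisSentinelTLS the cache name of redis sentinel over TLS`. The `const` block starts before the hunk.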
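Review bot: The comment `// tls.Options{Servername:h} will need to be set by ParseURL` in the `cache.Redis, cache.RedisTLS` case names a type that does not exist; what go-redis derives from a `rediss://` URL is a `tls.Config` on the returned options, and the previous comment block also misspells "athentication". Replace the line with `// for rediss:// go-redis ParseURL fills rdbOpts.TLSConfig (ServerName from the URL host); nothing is overridden here`. Note that this path inherits whatever minimum TLS version go-redis sets for that version of the library, while the sentinel path pins `MinVersion: tls.VersionTLS12` in ParseSentinelURL (util.go hunk); if a uniform floor is wanted, set `rdbOpts.TLSConfig.MinVersion` here when `rdbOpts.TLSConfig != nil`. `New` starts before the hunk and continues past it.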
@@ -35,6 +36,7 @@ var (
 // ParseSentinelURL parses sentinel url to redis FailoverOptions.
 // It's a modified version of go-redis ParseURL(https://github.com/go-redis/redis/blob/997118894af9d4244d4a471f2b317eead9c9ca62/options.go#L222) because official version does
 // not support parse sentinel mode.
+// redis+sentinel://user:pass@redis_sentinel1:port1,redis_sentinel2:port2/monitor_name/db?idle_timeout_seconds=100
 func ParseSentinelURL(redisURL string) (*redis.FailoverOptions, error) {
 u, err := url.Parse(redisURL)
 if err != nil {
@@ -64,6 +66,13 @@ func ParseSentinelURL(redisURL string) (*redis.FailoverOptions, error) {
 return nil, errors.Errorf("redis: invalid redis URL path: %s", u.Path)
 }
 
+ // set tls config for redis+sentinel client use tls connections
+ if u.Scheme == "rediss+sentinel" {
+ o.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
+ }
+
 return setupConnParams(u, o)
 }
diff --git a/src/lib/redis/pool.go b/src/lib/redis/pool.go
index 3fe9c3351..b11b13063 100644
--- a/src/lib/redis/pool.go
+++ b/src/lib/redis/pool.go
@@ -79,7 +79,7 @@ func GetRedisPool(name string, rawurl string, param *PoolParam) (*redis.Pool, er
 }
 log.Debug("get redis pool:", name, rawurl)
- if u.Scheme == "redis" {
+ if u.Scheme == "redis" || u.Scheme == "rediss" {
 pool := &redis.Pool{
 Dial: func() (redis.Conn, error) {
 return redis.DialURL(rawurl)
@@ -95,7 +95,7 @@ func GetRedisPool(name string, rawurl string, param *PoolParam) (*redis.Pool, er
 }
 knownPool.Store(name, pool)
 return pool, nil
- } else if u.Scheme == "redis+sentinel" {
+ } else if u.Scheme == "redis+sentinel" || u.Scheme == "rediss+sentinel" {
 pool, err := getSentinelPool(u, param, name)
 if err != nil {
 return nil, err
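Review bot: The example URL added to the ParseSentinelURL doc comment shows only the `redis+sentinel://` form, although this same commit makes the function accept `rediss+sentinel://` as well, so the documentation is already incomplete for the feature it ships with. Extend the line, e.g. `// redis+sentinel://user:pass@redis_sentinel1:port1,redis_sentinel2:port2/monitor_name/db?idle_timeout_seconds=100 (rediss+sentinel:// for TLS)`. ParseSentinelURL's body continues past the hunk.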
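Review bot: In the second util.go hunk the scheme is compared against the literal `"rediss+sentinel"` even though the commit introduces `cache.RedisSentinelTLS` for exactly this value; if util.go can import the cache package without a cycle (redis.go in the same package already uses `cache.RedisSentinelTLS`), write `if u.Scheme == cache.RedisSentinelTLS {` so the dispatch in New and this check cannot drift apart. The `tls.Config` sets only `MinVersion`; certificate verification then depends on the dialer filling `ServerName` from the dialed address (Go's `tls.Dial` does, a custom `Dialer` on the options may not), which is worth stating in place of the current comment: `// rediss+sentinel: TLS 1.2+ with verification on; ServerName is taken from the dialed address by the default dialer, so no InsecureSkipVerify`. ParseSentinelURL starts before the hunk.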
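Review bot: In the pool.go hunk at line 79 the `rediss` branch hands `rawurl` unchanged to `redis.DialURL`, so TLS and certificate verification for plain `rediss://` pools depend entirely on redigo recognising that scheme; nothing in the hunk records that, and the go.mod bump to redigo v1.9.2 in this change presumably exists for that reason. Add a comment on the `Dial` closure, e.g. `// rediss:// is handled by redigo DialURL (TLS with certificate verification); keep go.mod's redigo at a version that supports it`. The same scheme strings appear as bare literals here, in the next hunk (`"redis+sentinel"`, `"rediss+sentinel"`) and in getSentinelPool; a package-level `const` block in lib/redis would give them one home. GetRedisPool starts before the hunk and continues past it.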
@@ -128,6 +128,10 @@ func getSentinelPool(u *url.URL, param *PoolParam, name string) (*redis.Pool, er
 sentinelOptions = append(sentinelOptions, redis.DialWriteTimeout(param.DialWriteTimeout))
 }
 
+ if u.Scheme == "rediss+sentinel" {
+ sentinelOptions = append(sentinelOptions, redis.DialUseTLS(true))
+ }
+
 redisOptions := sentinelOptions
 if u.User != nil {
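Review bot: `redis.DialUseTLS(true)` is appended to `sentinelOptions` immediately before `redisOptions := sentinelOptions`, so the option also governs the data connection to the master and not only the sentinel connections; that is presumably what `rediss+sentinel` should mean, but the placement reads as sentinel-only, so say it: `// TLS for the sentinel connections and, via redisOptions below, for the master connection`. With no `redis.DialTLSConfig` supplied, the minimum TLS version follows redigo's defaults, whereas ParseSentinelURL in lib/cache pins `tls.VersionTLS12` explicitly; passing `redis.DialTLSConfig(&tls.Config{MinVersion: tls.VersionTLS12})` alongside `DialUseTLS` would give both clients the same policy. getSentinelPool starts before the hunk and continues after it.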