diff --git a/src/database/redis/custom/cli.pm b/src/database/redis/custom/cli.pm
index f6c3a7450..6cdaf1a98 100644
--- a/src/database/redis/custom/cli.pm
+++ b/src/database/redis/custom/cli.pm
@@ -52,6 +52,8 @@ sub new {
             'service:s'       => { name => 'service' },
             'tls'             => { name => 'tls' },
             'cacert:s'        => { name => 'cacert' },
+            'cert:s'          => { name => 'cert' },
+            'key:s'           => { name => 'key' },
             'insecure'        => { name => 'insecure' },
             'timeout:s'       => { name => 'timeout' }
         });
@@ -86,6 +88,8 @@ sub check_options {
     $self->{tls} = defined($self->{option_results}->{tls}) ? 1 : 0;
     $self->{insecure} = defined($self->{option_results}->{insecure}) ? 1 : 0;
     $self->{cacert} = defined($self->{option_results}->{cacert}) && $self->{option_results}->{cacert} ne '' ? $self->{option_results}->{cacert} : '';
+    $self->{cert} = defined($self->{option_results}->{cert}) && $self->{option_results}->{cert} ne '' ? $self->{option_results}->{cert} : '';
+    $self->{key} = defined($self->{option_results}->{key}) && $self->{option_results}->{key} ne '' ? $self->{option_results}->{key} : '';
     $self->{sentinel} = [];
     if (defined($self->{option_results}->{sentinel})) {
         foreach my $addr (@{$self->{option_results}->{sentinel}}) {
@@ -172,6 +176,8 @@ sub get_extra_options {
     my $options = '';
     $options .= ' --tls' if ($self->{tls} == 1);
     $options .= " --cacert '" . $self->{cacert} . "'" if ($self->{cacert} ne '');
+    $options .= " --cert '" . $self->{cert} . "'" if ($self->{cert} ne '');
+    $options .= " --key '" . $self->{key} . "'" if ($self->{key} ne '');
     $options .= ' --insecure' if ($self->{insecure} == 1);
     $options .= " --user '" . $self->{username} . "'" if ($self->{username} ne '');
     $options .= " -a '" . $self->{password} . "'" if ($self->{password} ne '');
@@ -269,6 +275,14 @@ Establish a secure TLS connection (redis-cli >= 6.x mandatory).
 
 CA Certificate file to verify with (redis-cli >= 6.x mandatory).
 
+=item B<--cert>
+
+Client certificate to authenticate with.
+
+=item B<--key>
+
+Private key file to authenticate with.
+
 =item B<--insecure>
 
 Allow insecure TLS connection by skipping cert validation (since redis-cli 6.2.0).