This is very related to #61783
Can you please have a look there, code and discussion, and let us know if you're ok to continue this?

@nicolas-grekas I'm agreed that's current auth way a bit inconsistent.
and I want to bring this to some kind of unified format, or something close to it.
Moreover, there are some issues with DSN backward compatibility. I left one failed test with the following example:

Connection::fromDsn('redis://password1@localhost/queue', ['auth' => 'password2'], $redis);

which password should be used in this case? (origin expectation was at password2 but why?)

Regarding auth per sentinel instance - it's often recommended to separate master and sentinel auth but all sentinel instances have a single password, which is confirmed by the official documentation - https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/#sentinel-password-only-authentication and docker image as well - https://hub.docker.com/r/bitnami/redis-sentinel#configuration

In my implementation, I suggest explicitly passing auth for master and sentinel in the options e.g.

REDIS_DSN=redis:?host[localhost:1]&host[localhost:2]&master_auth=123&sentinel_auth=456