diff --git a/defaults/main.yml b/defaults/main.yml
index 3b88d08..342d325 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -53,3 +53,7 @@ redis_disabled_commands: []
 #  - DEBUG
 
 redis_extra_config: ""
+
+redis_acl_file: ""
+
+redis_acl_mode: 0644
diff --git a/tasks/main.yml b/tasks/main.yml
index 03ee836..42020e0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,6 +21,14 @@
     mode: "{{ redis_conf_mode }}"
   notify: restart redis
 
+# Ensure the ACL file exists
+- name: Ensure Redis ACL file exists.
+  ansible.builtin.file:
+    path: "{{ redis_acl_file }}"
+    state: touch
+    mode: "{{ redis_acl_mode }}"
+  when: redis_acl_file != ""
+
 # Setup/install tasks.
 - include_tasks: setup-RedHat.yml
   when: ansible_os_family == 'RedHat'
diff --git a/templates/redis.conf.j2 b/templates/redis.conf.j2
index 6c7e496..8fea1e6 100644
--- a/templates/redis.conf.j2
+++ b/templates/redis.conf.j2
@@ -42,10 +42,6 @@ appendonly {{ redis_appendonly }}
 appendfsync {{ redis_appendfsync }}
 no-appendfsync-on-rewrite no
 
-{% for include in redis_includes %}
-include {{ include }}
-{% endfor %}
-
 {% if redis_requirepass %}
 requirepass {{ redis_requirepass }}
 {% endif %}
@@ -55,3 +51,11 @@ rename-command {{ redis_disabled_command }} ""
 {% endfor %}
 
 {{ redis_extra_config }}
+
+{% if redis_acl_file %}
+aclfile {{ redis_acl_file }}
+{% endif %}
+
+{% for include in redis_includes %}
+include {{ include }}
+{% endfor %}