k6

A modern load testing tool, using Go and JavaScript

"like unit testing, for performance"

k6 is a modern load testing tool, building on Load Impact's years of experience. It provides a clean, approachable JavaScript scripting API, distributed and cloud execution, and orchestration via a REST API.

Get Started    Guides

SSL/TLS client certificates

Usually when talking about TLS certificates we are referring to the mechanism by which clients authenticates servers. The reverse is also supported by TLS, that servers can authenticate clients based on client certificates, a use case also supported by k6.

To use client certificates you specify global configuration options that tells k6 how to map a public certificate and private key to the domains they are valid for. You can load the certificate and key from local files or embed them as strings in the script.

Loading certificate and key from local file

To load certificate and key from local files you use the builtin open(...) function:

import http from "k6/http";

export let options = {
  tlsAuth: [
    { domains: ["example.com"], cert: open("./mycert.pem"), key: open("./mycert-key.pem") }
  ]
};

export default function() {
  http.get("https://example.com/");
}

Loading certificate and key from embedded strings

To load certificate and key from embedded strings (note the use of template literals for multi-line strings):

import http from "k6/http";

const CERT = `-----BEGIN CERTIFICATE-----
MIIFgTCCA2kCAQEwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlNFMRcwFQYD
VQQIEw5TdG9ja2hvbG1zIExhbjESMBAGA1UEBxMJU3RvY2tob2xtMRcwFQYDVQQK
...
/n5QrTGhP51P9Q1THzRfn6cNCDwzSTMVEJr40QhuTJQWASe3miuFmZoG5ykmGqVm
fWQRiQyM330s9vTwFy14J2Bxe4px6cyy7rVXvYL2LvfA4L0T7/x1nUULw+Mpqun1
R3XRJWqGDjBKXr5q8VatdQO1QLgr
-----END CERTIFICATE-----`

const KEY = `-----BEGIN RSA PRIVATE KEY-----
KsZVVI1FTX+F959vqu1S02T+R1JM29PkIfJILIXapKQfb0FWrALU5xpipdPYBWp7
j5iSp06/7H8ms87Uz9BrOA6rytoRSE0/wEe5WkWdBBgLLPpfOSWZsAA5RGCB2n+N
...
Dk+frzKuiErHFN7HOHAQannui4eLsY0ehYMByowgJIUGzIJyXR6O19hVhV7Py66u
X7/Jy01JXn83LuWdpaPAKU+B42BLP0IGXt5CocPms07HOdtJ/wm2zwHTyfjn9vu+
HO/dQr6a7DhRu2lLI9Sc983NwRqDKICZQQ/+gqWk8BgQZ1yI9O4AYkzywzAEk3py
-----END RSA PRIVATE KEY-----`

export let options = {
  tlsAuth: [
    { domains: ["example.com"], cert: CERT, key: KEY }
  ]
};

export default function() {
  http.get("https://example.com/");
}

Certificate and key used in example

The partial certificate and key data in the above example were generated for this particular example, they're not real or in-use anywhere.