Use mTLS with Respect in Redocly CLI

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

Respect supports Mutual TLS (mTLS) authentication when running API tests. This feature enables you to securely authenticate with servers that require client certificates.

What is mTLS?

Mutual TLS (mTLS) is a two-way authentication process where both the client and server present certificates to verify their identity. This authentication method provides an additional layer of security beyond the standard TLS/SSL.

Using mTLS with Respect

When running tests with Respect in Redocly CLI, provide the necessary certificates using the following command-line options:

npx @redocly/cli respect FILE_PATH.yaml --client-cert <client-cert> --client-key <client-key> --ca-cert <ca-cert>

Replace <client-cert>, <client-key>, and <ca-cert> with the actual paths or valid stringified values to your client certificate, client key, and CA certificate files.

Available options

• client-cert: Path to the client certificate file.
• client-key: Path to the client key file.
• ca-cert: Path to the CA certificate file (optional).

Example

npx @redocly/cli respect api-tests.arazzo.yaml \
--client-cert ./certs/client-cert.pem \
--client-key ./certs/client-key.pem \
--ca-cert ./certs/ca-cert.pem

Or by using environment variables:

REDOCLY_CLI_RESPECT_CLIENT_CERT="-----BEGIN PRIVATE KEY-----YOUR_CLIENT_CERT-----END PRIVATE KEY-----" REDOCLY_CLI_RESPECT_CLIENT_KEY="-----BEGIN PRIVATE KEY-----YOUR_CLIENT_KEY-----END PRIVATE KEY-----" REDOCLY_CLI_RESPECT_CA_CERT="-----BEGIN CERTIFICATE-----YOUR_CA_CERT-----END CERTIFICATE-----" npx @redocly/cli respect api-tests.arazzo.yaml

This command runs the API tests specified in api-tests.arazzo.yaml using the provided client certificate, client key, and CA certificate.

Certificate file formats

The certificates must be in PEM format. Make sure you have the following files ready:

• Client certificate (public key)
• Client private key
• CA certificate (if using a custom Certificate Authority)

Security considerations

• Keep your client private key secure and never commit it to version control
• Ensure certificates are stored with appropriate file permissions
• Use environment variables or secure secret management for sensitive certificate paths in CI/CD pipelines