diff --git a/datasource/prometheus/options.go b/datasource/prometheus/options.go
index 04cc743d..1daf063e 100644
--- a/datasource/prometheus/options.go
+++ b/datasource/prometheus/options.go
@@ -104,6 +104,17 @@ func WithCertificate(certificate string) Option {
 	}
 }
 
+// WithTLSClientAuth sets the client tls keypair.
+func WithTLSClientAuth(certificate, key string) Option {
+	return func(datasource *Prometheus) error {
+		datasource.builder.JSONData.(map[string]interface{})["tlsAuth"] = true
+		datasource.builder.SecureJSONData.(map[string]interface{})["tlsClientCert"] = certificate
+		datasource.builder.SecureJSONData.(map[string]interface{})["tlsClientKey"] = key
+
+		return nil
+	}
+}
+
 // WithCredentials joins credentials such as cookies or auth headers to cross-site requests.
 func WithCredentials() Option {
 	return func(datasource *Prometheus) error {
diff --git a/datasource/prometheus/options_test.go b/datasource/prometheus/options_test.go
index ffd04845..3fbeee5c 100644
--- a/datasource/prometheus/options_test.go
+++ b/datasource/prometheus/options_test.go
@@ -114,6 +114,15 @@ func TestWithCertificate(t *testing.T) {
 	req.Equal("certificate-content", datasource.builder.SecureJSONData.(map[string]interface{})["tlsCACert"])
 }
 
+func TestWithTLSClientAuuth(t *testing.T) {
+	req := require.New(t)
+	datasource, err := New("", "", WithTLSClientAuth("cert-content", "key-content"))
+	req.NoError(err)
+	req.Equal(true, datasource.builder.JSONData.(map[string]interface{})["tlsAuth"])
+	req.Equal("cert-content", datasource.builder.SecureJSONData.(map[string]interface{})["tlsClientCert"])
+	req.Equal("key-content", datasource.builder.SecureJSONData.(map[string]interface{})["tlsClientKey"])
+}
+
 func TestWithCredentials(t *testing.T) {
 	req := require.New(t)