diff --git a/cinderclient/shell.py b/cinderclient/shell.py
index 0d4ee72fa..9b9513e6f 100644
--- a/cinderclient/shell.py
+++ b/cinderclient/shell.py
@@ -802,6 +802,9 @@ class OpenStackCinderShell(object):
         # first create a Keystone session
         cacert = self.options.os_cacert or None
         cert = self.options.os_cert or None
+        if cert and self.options.os_key:
+            cert = cert, self.options.os_key
+
         insecure = self.options.insecure or False
 
         if insecure:
diff --git a/cinderclient/tests/unit/test_shell.py b/cinderclient/tests/unit/test_shell.py
index a2439f2fa..93b7ab3a0 100644
--- a/cinderclient/tests/unit/test_shell.py
+++ b/cinderclient/tests/unit/test_shell.py
@@ -214,6 +214,29 @@ class ShellTest(utils.TestCase):
 
         self.assertEqual(False, _shell.cs.client.verify_cert)
 
+    @mock.patch('keystoneclient.session.Session.__init__',
+                side_effect=RuntimeError())
+    def test_http_client_with_cert(self, mock_session):
+        _shell = shell.OpenStackCinderShell()
+
+        # We crash the command after Session instantiation because this test
+        # focuses only on arguments provided to Session.__init__
+        args = '--os-cert', 'minnie', 'list'
+        self.assertRaises(RuntimeError, _shell.main, args)
+        mock_session.assert_called_once_with(cert='minnie', verify=mock.ANY)
+
+    @mock.patch('keystoneclient.session.Session.__init__',
+                side_effect=RuntimeError())
+    def test_http_client_with_cert_and_key(self, mock_session):
+        _shell = shell.OpenStackCinderShell()
+
+        # We crash the command after Session instantiation because this test
+        # focuses only on arguments provided to Session.__init__
+        args = '--os-cert', 'minnie', '--os-key', 'mickey', 'list'
+        self.assertRaises(RuntimeError, _shell.main, args)
+        mock_session.assert_called_once_with(cert=('minnie', 'mickey'),
+                                             verify=mock.ANY)
+
 
 class CinderClientArgumentParserTest(utils.TestCase):
 
diff --git a/releasenotes/notes/support---os-key-option-72ba2fd4880736ac.yaml b/releasenotes/notes/support---os-key-option-72ba2fd4880736ac.yaml
new file mode 100644
index 000000000..6d882d0b1
--- /dev/null
+++ b/releasenotes/notes/support---os-key-option-72ba2fd4880736ac.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+      Support --os-key option and OS_KEY environment variable which allows to
+      provide client cert and its private key separately.