diff --git a/cmd/tk/create_source_helm.go b/cmd/tk/create_source_helm.go index 0b1f0e92..82ec91f1 100644 --- a/cmd/tk/create_source_helm.go +++ b/cmd/tk/create_source_helm.go @@ -49,6 +49,13 @@ For private Helm repositories, the basic authentication credentials are stored i --url=https://stefanprodan.github.io/podinfo \ --username=username \ --password=password + + # Create a source from a Helm repository using TLS authentication + tk create source helm podinfo \ + --url=https://stefanprodan.github.io/podinfo \ + --cert-file=./cert.crt \ + --key-file=./key.crt \ + --ca-file=./ca.crt `, RunE: createSourceHelmCmdRun, } @@ -57,12 +64,18 @@ var ( sourceHelmURL string sourceHelmUsername string sourceHelmPassword string + sourceHelmCertFile string + sourceHelmKeyFile string + sourceHelmCAFile string ) func init() { createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address") createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username") createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password") + createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path") + createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path") + createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path") createSourceCmd.AddCommand(createSourceHelmCmd) } 
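Review bot: In the added usage example of the first hunk the private key is passed as `--key-file=./key.crt`, which gives a secret key the extension normally used for public certificates and makes it easy to confuse with the `--cert-file` argument. I would write `--key-file=./key.pem` (or `./tls.key`) so the example itself signals which file has to stay private. The same example text is repeated in docs/cmd/tk_create_source_helm.md.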
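Review bot: The help strings for the three flags added in init() do not say that `--cert-file` and `--key-file` only take effect as a pair, and all three are labelled "TLS authentication" although the CA file is presumably used to verify the repository's certificate rather than to authenticate the client. Suggested wording: `"TLS client certificate file path (requires --key-file)"`, `"TLS client private key file path (requires --cert-file)"` and `"CA certificate file path for verifying the repository's TLS certificate"`. The CA wording should be confirmed against how the `caFile` key of the secret is consumed, which is not visible in this diff.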
@@ -113,35 +126,52 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error { return exportHelmRepository(helmRepository) } - withAuth := false + logger.Generatef("generating source") + + secret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: namespace, + }, + StringData: map[string]string{}, + } + if sourceHelmUsername != "" && sourceHelmPassword != "" { - logger.Actionf("applying secret with basic auth credentials") - secret := corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: namespace, - }, - StringData: map[string]string{ - "username": sourceHelmUsername, - "password": sourceHelmPassword, - }, + secret.StringData["username"] = sourceHelmUsername + secret.StringData["password"] = sourceHelmPassword + } + + if sourceHelmCertFile != "" && sourceHelmKeyFile != "" { + cert, err := ioutil.ReadFile(sourceHelmCertFile) + if err != nil { + return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err) } - if err := upsertSecret(ctx, kubeClient, secret); err != nil { - return err + secret.StringData["certFile"] = string(cert) + + key, err := ioutil.ReadFile(sourceHelmKeyFile) + if err != nil { + return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err) } - withAuth = true + secret.StringData["keyFile"] = string(key) } - if withAuth { - logger.Successf("authentication configured") + if sourceHelmCAFile != "" { + ca, err := ioutil.ReadFile(sourceHelmCAFile) + if err != nil { + return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err) + } + secret.StringData["caFile"] = string(ca) } - logger.Generatef("generating source") - - if withAuth { + if len(secret.StringData) > 0 { + logger.Actionf("applying secret with repository credentials") + if err := upsertSecret(ctx, kubeClient, secret); err != nil { + return err + } helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{ Name: secretName, } + 
logger.Successf("authentication configured") } logger.Actionf("applying source") diff --git a/docs/cmd/tk_create_source_helm.md b/docs/cmd/tk_create_source_helm.md index 3c7b361d..c7254692 100644 --- a/docs/cmd/tk_create_source_helm.md +++ b/docs/cmd/tk_create_source_helm.md @@ -26,15 +26,25 @@ tk create source helm [name] [flags] --username=username \ --password=password + # Create a source from a Helm repository using TLS authentication + tk create source helm podinfo \ + --url=https://stefanprodan.github.io/podinfo \ + --cert-file=./cert.crt \ + --key-file=./key.crt \ + --ca-file=./ca.crt + ``` ### Options ``` - -h, --help help for helm - -p, --password string basic authentication password - --url string Helm repository address - -u, --username string basic authentication username + --ca-file string TLS authentication CA file path + --cert-file string TLS authentication cert file path + -h, --help help for helm + --key-file string TLS authentication key file path + -p, --password string basic authentication password + --url string Helm repository address + -u, --username string basic authentication username ``` ### Options inherited from parent commands
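Review bot: A half-specified client certificate is dropped without any message: the guard `if sourceHelmCertFile != "" && sourceHelmKeyFile != ""` skips both reads when only one of the two flags is given, so the source is created without the TLS credentials the user asked for (the username/password guard above it behaves the same way). Reject the mismatch before reading anything, e.g. `if (sourceHelmCertFile == "") != (sourceHelmKeyFile == "") { return fmt.Errorf("--cert-file and --key-file must be set together") }`. It would also help to check the pair with `tls.X509KeyPair(cert, key)` before `upsertSecret`, so a mismatched or non-PEM file fails at the CLI instead of being stored in the Secret; that needs a `crypto/tls` import. Note that `logger.Successf("authentication configured")` now also fires when only `--ca-file` is given, which configures trust rather than authentication. createSourceHelmCmdRun starts above this hunk and continues below it.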