diff --git a/docs/cmdline-opts/cert.md b/docs/cmdline-opts/cert.md index 5aaaac2034..331d71bda6 100644 --- a/docs/cmdline-opts/cert.md +++ b/docs/cmdline-opts/cert.md @@ -58,3 +58,9 @@ usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: *CurrentUser*, *LocalMachine*, *CurrentService*, *Services*, *CurrentUserGroupPolicy*, *LocalMachineGroupPolicy* and *LocalMachineEnterprise*. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file diff --git a/docs/cmdline-opts/key.md b/docs/cmdline-opts/key.md index 355f4fcd96..9f2b6d4c5d 100644 --- a/docs/cmdline-opts/key.md +++ b/docs/cmdline-opts/key.md @@ -27,8 +27,15 @@ private key located in a PKCS#11 device. A string beginning with `pkcs11:` is interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as `pkcs11` if none was provided and the --key-type option is set as `ENG` or `PROV` if none was provided (depending on OpenSSL version). +For If curl is built against Secure Transport or Schannel then this option is ignored for TLS protocols (HTTPS, etc). Those backends expect the private key to be already present in the keychain or PKCS#12 file containing the certificate. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file
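Review bot: In the cert.md hunk, the new "Using OpenSSL Engine with TPM 2.0" section says an engine is used, but the example command passes only `--key` and `--cert` and never names an engine or a key type. The key.md context in this same patch describes `--engine` and `--key-type` being defaulted when a `pkcs11:` URI is given; nothing visible here says the same happens for a `.tss` file, so please state which `--engine` and `--key-type` values the command needs, or say explicitly that they are inferred. The added text also ends with "\ No newline at end of file"; add the trailing newline.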
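Review bot: In the key.md hunk, the added line `+For` directly before "If curl is built against Secure Transport or Schannel" is a stray fragment that makes the paragraph read "For If curl is built ..."; drop it or complete the sentence it was meant to start. The TPM 2.0 section that follows is a verbatim copy of the one added to cert.md, so consider keeping the explanation in one file and pointing to it from the other. This file also ends without a trailing newline.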