diff --git a/tools/benchmark/cmd/root.go b/tools/benchmark/cmd/root.go
index e2e2e4042..9dbee5cf6 100644
--- a/tools/benchmark/cmd/root.go
+++ b/tools/benchmark/cmd/root.go
@@ -46,6 +46,8 @@ var (
 
 	cpuProfPath string
 	memProfPath string
+
+	user string
 )
 
 func init() {
@@ -57,4 +59,6 @@ func init() {
 	RootCmd.PersistentFlags().StringVar(&tls.CertFile, "cert", "", "identify HTTPS client using this SSL certificate file")
 	RootCmd.PersistentFlags().StringVar(&tls.KeyFile, "key", "", "identify HTTPS client using this SSL key file")
 	RootCmd.PersistentFlags().StringVar(&tls.CAFile, "cacert", "", "verify certificates of HTTPS-enabled servers using this CA bundle")
+
+	RootCmd.PersistentFlags().StringVar(&user, "user", "", "specify username and password in username:password format")
 }
diff --git a/tools/benchmark/cmd/util.go b/tools/benchmark/cmd/util.go
index 99d91a0c3..4a9df3c7b 100644
--- a/tools/benchmark/cmd/util.go
+++ b/tools/benchmark/cmd/util.go
@@ -18,6 +18,7 @@ import (
 	"crypto/rand"
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/coreos/etcd/clientv3"
 )
@@ -41,6 +42,17 @@ func mustCreateConn() *clientv3.Client {
 		cfg.TLS = cfgtls
 	}
 
+	if len(user) != 0 {
+		splitted := strings.SplitN(user, ":", 2)
+		if len(splitted) != 2 {
+			fmt.Fprintf(os.Stderr, "bad user information: %s\n", user)
+			os.Exit(1)
+		}
+
+		cfg.Username = splitted[0]
+		cfg.Password = splitted[1]
+	}
+
 	client, err := clientv3.New(cfg)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "dial error: %v\n", err)