jarle/Bun TLS
skills/bun-runtime-http-tls/SKILL.md
Enable TLS in Bun.serve
$ install --global
skillsauthnpx skillsauth add jarle/bun-skills Bun TLSInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:55 AM6.9s1 file scanned
SKILL.md
- name:
- Bun TLS
- description:
- Enable TLS in Bun.serve
TLS
Enable TLS in Bun.serve
Bun supports TLS out of the box, powered by BoringSSL. Enable TLS by passing in a value for key and cert; both are required to enable TLS.
Bun.serve({
tls: {
key: Bun.file("./key.pem"), // [!code ++]
cert: Bun.file("./cert.pem"), // [!code ++]
},
});
The key and cert fields expect the contents of your TLS key and certificate, not a path to it. This can be a string, BunFile, TypedArray, or Buffer.
Bun.serve({
tls: {
key: Bun.file("./key.pem"), // BunFile
key: fs.readFileSync("./key.pem"), // Buffer
key: fs.readFileSync("./key.pem", "utf8"), // string
key: [Bun.file("./key1.pem"), Bun.file("./key2.pem")], // array of above
},
});
Passphrase
If your private key is encrypted with a passphrase, provide a value for passphrase to decrypt it.
Bun.serve({
tls: {
key: Bun.file("./key.pem"),
cert: Bun.file("./cert.pem"),
passphrase: "my-secret-passphrase", // [!code ++]
},
});
CA Certificates
Optionally, you can override the trusted CA certificates by passing a value for ca. By default, the server will trust the list of well-known CAs curated by Mozilla. When ca is specified, the Mozilla list is overwritten.
Bun.serve({
tls: {
key: Bun.file("./key.pem"), // path to TLS key
cert: Bun.file("./cert.pem"), // path to TLS cert
ca: Bun.file("./ca.pem"), // path to root CA certificate // [!code ++]
},
});
Diffie-Hellman
To override Diffie-Hellman parameters:
Bun.serve({
tls: {
dhParamsFile: "/path/to/dhparams.pem", // path to Diffie Hellman parameters // [!code ++]
},
});
Server name indication (SNI)
To configure the server name indication (SNI) for the server, set the serverName field in the tls object.
Bun.serve({
tls: {
serverName: "my-server.com", // SNI // [!code ++]
},
});
To allow multiple server names, pass an array of objects to tls, each with a serverName field.
Bun.serve({
tls: [
{
key: Bun.file("./key1.pem"),
cert: Bun.file("./cert1.pem"),
serverName: "my-server1.com", // [!code ++]
},
{
key: Bun.file("./key2.pem"),
cert: Bun.file("./cert2.pem"),
serverName: "my-server2.com", // [!code ++]
},
],
});
Related Skills
jarle/Bun TypeScript
development
VerifiedTrustedCommunity
Using TypeScript with Bun, including type definitions and compiler options
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Writing tests
development
VerifiedTrustedCommunity
Learn how to write tests using Bun's Jest-compatible API with support for async tests, timeouts, and various test modifiers
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Snapshots
testing
VerifiedTrustedCommunity
Learn how to use snapshot testing in Bun to save and compare output between test runs
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Runtime behavior
testing
VerifiedTrustedCommunity
Learn about Bun test's runtime integration, environment variables, timeouts, and error handling
1SKILL.mdUpdated Apr 6, 2026