Question JWT Authorization via SDK / CLI

Dear Temporal team,

I’m looking for a way to authenticate client requests from the CLI and via the SDK. As far as I’ve seen in the server config the DefaultJWTClaimMapper can be configured to utilize JWT Authentication / Authorization.
I’ve read the documentation at https://docs.temporal.io/docs/server-security.

From the client side (SDK) the Headers should be settable via the HeadersProvider Interface.
Could you please indicate if this is the correct way to implement / configure JWT Authentication?

The CLI currently not seems to be able to use JWT Authentication, but only TLS Authentication.
I think it would make sense to also allow JWT Authentication on the CLI. Maybe one solution could be that the token is read from an env variable, stored as a base64 encoded string.

Thank you in advance for your feedback.