Recommended Temporal CLI flow for interacting with schedules in mTLS namespaces?

We have Temporal Cloud namespaces configured for mTLS auth. The client certs are issued by cert-manager in Kubernetes, and workers use TEMPORAL_TLS_CLIENT_CERT_PATH / TEMPORAL_TLS_CLIENT_KEY_PATH.

For normal operations, we sometimes need to inspect, pause, unpause, or trigger schedules with the Temporal CLI:

temporal schedule describe --schedule-id ${id}
temporal schedule toggle --pause --schedule-id ${id}

What’s the recommended CLI flow for this when the namespace requires certificate auth?

Is the intended pattern to fetch the client cert/key from our secret store and pass --tls-cert-path / --tls-key-path, or is there a better Temporal Cloud CLI workflow for this? temporal cloud login works for Cloud control-plane commands, but it doesn’t seem to authenticate top-level temporal schedule commands against the namespace endpoint.

Thanks :folded_hands:

To follow up and close this thread, I chatted with Temporal support and Conor helped get our Temporal Cloud tenant enabled for “dual auth” so that both mTLS AND API keys work for accessing our namespaces from the CLI. This helped ease the developer experience of working with temporal CLI. Thanks :waving_hand: