Skip to main content

tcld namespace command reference

The tcld namespace commands enable NamespaceLink preview icon

operations in Temporal Cloud.

Alias: n

get

The tcld namespace get command gets information about the specified NamespaceLink preview icon

in Temporal Cloud.

Alias: g

tcld namespace get

The following modifier controls the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace get --namespace <namespace_id>

list

The tcld namespace list command lists all NamespacesLink preview icon

in Temporal Cloud.

Alias: l

tcld namespace list

The command has no modifiers.

accepted-client-ca

The tcld namespace accepted-client-ca commands manage the client CA certificates of the specified NamespaceLink preview icon

in Temporal Cloud. The certificates are used to verify client connections.

info

Do not use a CA certificate that is signed with an insecure signature algorithm, such as SHA-1. Such signatures will be rejected. Existing CA certificates that use SHA-1 can stop working without warning.

For more information about the vulnerabilities of SHA-1, see SHAttered.

Alias: ca

add

The tcld namespace accepted-client-ca add command adds client CA certificates to a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace accepted-client-ca add --ca-certificate <value>

Alias: a

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace accepted-client-ca add --namespace <namespace_id> --ca-certificate <encoded_certificate>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace accepted-client-ca add --request-id <request_id> --ca-certificate <encoded_certificate>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace accepted-client-ca add --resource-version <etag> --ca-certificate <encoded_certificate>

--ca-certificate

Required modifier unless --ca-certificate-file is specified

Specify a base64-encoded string of a CA certificate PEM file.

If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.

Alias: -c

Example

tcld namespace accepted-client-ca add --ca-certificate <encoded_certificate>

--ca-certificate-file

Required modifier unless --ca-certificate is specified

Specify a path to a CA certificate PEM file.

If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.

Alias: -f

Example

tcld namespace accepted-client-ca add --ca-certificate-file <path>

list

The tcld namespace accepted-client-ca list command lists the client CA certificates that are currently configured for a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace accepted-client-ca list

Alias: l

The following modifier controls the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace accepted-client-ca list --namespace <namespace_id>

remove

The tcld namespace accepted-client-ca remove command removes client CA certificates from a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace accepted-client-ca remove --ca-certificate <value>

Alias: r

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace accepted-client-ca remove --namespace <namespace_id> --ca-certificate <encoded_certificate>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace accepted-client-ca remove --request-id <request_id> --ca-certificate <encoded_certificate>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace accepted-client-ca remove --resource-version <etag> --ca-certificate <encoded_certificate>

--ca-certificate

Required modifier unless --ca-certificate-fingerprint or --ca-certificate-file is specified

Specify the base64-encoded string of a CA certificate PEM file.

If --ca-certificate-fingerprint is also specified, both --ca-certificate and --ca-certificate-file are ignored.

If --ca-certificate-file is also specified but --ca-certificate-fingerprint is not, only --ca-certificate is used.

Alias: -c

Example

tcld namespace accepted-client-ca remove --ca-certificate <encoded_certificate>

--ca-certificate-file

Required modifier unless --ca-certificate-fingerprint or --ca-certificate is specified

Specify a path to a CA certificate PEM file.

If --ca-certificate-fingerprint is also specified, both --ca-certificate-file and --ca-certificate are ignored.

If --ca-certificate is also specified but --ca-certificate-fingerprint is not, only --ca-certificate is used.

Alias: -f

Example

tcld namespace accepted-client-ca remove --ca-certificate-file <path>

--ca-certificate-fingerprint

Required modifier unless --ca-certificate or --ca-certificate-file is specified

Specify the fingerprint of a CA certificate.

If --ca-certificate, --ca-certificate-file, or both are also specified, they are ignored.

Alias: --fp

Example

tcld namespace accepted-client-ca remove --ca-certificate-fingerprint <fingerprint>

set

The tcld namespace accepted-client-ca set command sets the client CA certificates for a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace accepted-client-ca set --ca-certificate <value>

Alias: s

When updating CA certificates, it's important to follow a rollover process. Doing so enables your Namespace to serve both CA certificates for a period of time until traffic to your old CA certificate ceases.

  1. Create a single file that contains both your old and new CA certificate PEM blocks. Just concatenate the PEM blocks on adjacent lines.

    -----BEGIN CERTIFICATE-----
    ... old CA cert ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ... new CA cert ...
    -----END CERTIFICATE-----
  2. Run the tcld namespace accepted-client-ca set command with the CA certificate bundle file.

    tcld namespace accepted-client-ca set --ca-certificate-file <path>
  3. Monitor traffic to your old certificate until it ceases.

  4. Create another file that contains only the new CA certificate.

  5. Run the tcld namespace accepted-client-ca set command again with the updated CA certificate bundle file.

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace accepted-client-ca set --namespace <namespace_id> --ca-certificate <encoded_certificate>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace accepted-client-ca set --request-id <request_id> --ca-certificate <encoded_certificate>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace accepted-client-ca set --resource-version <etag> --ca-certificate <encoded_certificate>

--ca-certificate

Required modifier unless --ca-certificate-file is specified

Specify a base64-encoded string of a CA certificate PEM file.

If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.

Alias: -c

Example

tcld namespace accepted-client-ca set --ca-certificate <encoded_certificate>

--ca-certificate-file

Required modifier unless --ca-certificate is specified

Specify a path to a CA certificate PEM file.

If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.

Alias: -f

Example

tcld namespace accepted-client-ca set --ca-certificate-file <path>

certificate-filters

The tcld namespace certificate-filters commands manage optional certificate filters for the specified NamespaceLink preview icon

in Temporal Cloud. The Namespace can use certificate filters to authorize client certificates based on distinguished name (DN) fields.

Alias: cf

clear

The tcld namespace certificate-filters clear command clears all certificate filters from a NamespaceLink preview icon

in Temporal Cloud.

caution

Using this command allows any client certificate that chains up to a configured CA certificate to connect to the Namespace.

tcld namespace certificate-filters clear

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace certificate-filters clear --namespace <namespace_id>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace certificate-filters clear --request-id <request_id>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace certificate-filters clear --resource-version <etag>

export

The tcld namespace certificate-filters export command exports existing certificate filters from a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace certificate-filters export --certificate-filter-file <path>

Alias: exp

The following modifiers control the behavior of the command.

--certificate-filter-file

Specify a path to a JSON file where tcld can export the certificate filters.

Aliases: --file, -f

Example

tcld namespace certificate-filters export --certificate-filter-file <path>

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace certificate-filters import --namespace <namespace_id> --certificate-filter-input <json>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace certificate-filters import --request-id <request_id> --certificate-filter-input <json>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace certificate-filters import --resource-version <etag> --certificate-filter-input <json>

import

The tcld namespace certificate-filters import command sets certificate filters for a NamespaceLink preview icon

in Temporal Cloud.

tcld namespace certificate-filters import --certificate-filter-file <path>

Alias: imp

A certificate filter can include any combination (and at least one) of the following:

  • commonName
  • organization
  • organizationalUnit
  • subjectAlternativeName

The following modifiers control the behavior of the command.

--certificate-filter-file

Required modifier unless --certificate-filter-input is specified

Specify a path to a JSON file that defines certificate filters to be applied to the Namespace, such as { "filters": [ { "commonName": "test1" } ] }. The specified filters replace any existing filters.

If both --certificate-filter-file and --certificate-filter-input are specified, the command returns an error.

Aliases: --file, -f

Example

tcld namespace certificate-filters import --certificate-filter-file <path>

--certificate-filter-input

Required modifier unless --certificate-filter-file is specified

Specify a JSON string that defines certificate filters to be applied to the Namespace, such as { "filters": [ { "commonName": "test1" } ] }. The specified filters replace any existing filters.

If both --certificate-filter-input and --certificate-filter-file are specified, the command returns an error.

Aliases: --input, -i

Example

tcld namespace certificate-filters import --certificate-filter-input <json>

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace certificate-filters import --namespace <namespace_id> --certificate-filter-input <json>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace certificate-filters import --request-id <request_id> --certificate-filter-input <json>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace certificate-filters import --resource-version <etag> --certificate-filter-input <json>

search-attributes

The tcld namespace search-attributes commands manage Search AttributesLink preview icon

of the specified NamespaceLink preview icon in Temporal Cloud.

Alias: sa

add

The tcld namespace search-attributes add command adds custom Search AttributesLink preview icon

to a Namespace in Temporal Cloud.

tcld namespace search-attributes add --search-attribute <value>

Alias: a

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace search-attributes add --namespace <namespace_id> --search-attribute <value>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace search-attributes add --request-id <request_id> --search-attribute <value>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace search-attributes add --resource-version <etag> --search-attribute <value>

--search-attribute

Required modifier; can be specified more than once

Specify a custom Search Attribute in the form "name=type". Valid values for type are as follows:

  • Bool
  • Datetime
  • Double
  • Int
  • Keyword
  • Text

Alias: --sa

Example

tcld namespace search-attributes add --search-attribute "YourSearchAttribute1=Text" --search-attribute "YourSearchAttribute2=Double"

rename

The tcld namespace search-attributes rename command renames a custom Search AttributeLink preview icon

in Temporal Cloud.

tcld namespace search-attributes rename --existing-name <value> --new-name <value>

The following modifiers control the behavior of the command.

--namespace

Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.

Alias: -n

Example

tcld namespace search-attributes rename --namespace <namespace_id> --existing-name <value> --new-name <value>

--request-id

Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.

Alias: -r

Example

tcld namespace search-attributes rename --request-id <request_id> --existing-name <value> --new-name <value>

--resource-version

Specify a resource version (ETag) to update from. If not specified, the latest version is used.

Alias: -v

Example

tcld namespace search-attributes rename --resource-version <etag> --existing-name <value> --new-name <value>

--existing-name

Required modifier

Specify the name of an existing Search Attribute.

Alias: --en

Example

tcld namespace search-attributes rename --existing-name <value> --new-name <value>

--new-name

Required modifier

Specify a new name for the Search Attribute.

Alias: --nn

Example

tcld namespace search-attributes rename --existing-name <value> --new-name <value>