tcld namespace command reference
The tcld namespace commands enable Namespace
What is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more operations in Temporal Cloud.
Alias: n
- tcld namespace listtcld namespace list
How to list all Namespaces in Temporal Cloud using tcld.
Learn more - tcld namespace gettcld namespace get
How to get information about a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace accepted-client-catcld namespace accepted-client-ca
How to manage the client CA certificates for a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace certificate-filterstcld namespace certificate-filters
How to manage certificate filters for a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace search-attributestcld namespace search-attributes
How to manage Search Attributes of a Namespace in Temporal Cloud using tcld.
Learn more
get
The tcld namespace get command gets information about the specified NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
Alias: g
tcld namespace get
The following modifier controls the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace get --namespace <namespace_id>
list
The tcld namespace list command lists all NamespacesWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
Alias: l
tcld namespace list
The command has no modifiers.
accepted-client-ca
The tcld namespace accepted-client-ca commands manage the client CA certificates of the specified NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud. The certificates are used to verify client connections.
Do not use a CA certificate that is signed with an insecure signature algorithm, such as SHA-1. Such signatures will be rejected. Existing CA certificates that use SHA-1 can stop working without warning.
For more information about the vulnerabilities of SHA-1, see SHAttered.
Alias: ca
- tcld namespace accepted-client-ca addtcld namespace accepted-client-ca add
How to add client CA certificates to a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace accepted-client-ca listtcld namespace accepted-client-ca list
How to list the client CA certificates for a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace accepted-client-ca settcld namespace accepted-client-ca set
How to set the client CA certificates for a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace accepted-client-ca removetcld namespace accepted-client-ca remove
How to remove client CA certificates from a Namespace in Temporal Cloud using tcld.
Learn more
add
The tcld namespace accepted-client-ca add command adds client CA certificates to a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace accepted-client-ca add --ca-certificate <value>
Alias: a
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace accepted-client-ca add --namespace <namespace_id> --ca-certificate <encoded_certificate>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace accepted-client-ca add --request-id <request_id> --ca-certificate <encoded_certificate>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace accepted-client-ca add --resource-version <etag> --ca-certificate <encoded_certificate>
--ca-certificate
Required modifier unless --ca-certificate-file is specified
Specify a base64-encoded string of a CA certificate PEM file.
If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.
Alias: -c
Example
tcld namespace accepted-client-ca add --ca-certificate <encoded_certificate>
--ca-certificate-file
Required modifier unless --ca-certificate is specified
Specify a path to a CA certificate PEM file.
If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.
Alias: -f
Example
tcld namespace accepted-client-ca add --ca-certificate-file <path>
list
The tcld namespace accepted-client-ca list command lists the client CA certificates that are currently configured for a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace accepted-client-ca list
Alias: l
The following modifier controls the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace accepted-client-ca list --namespace <namespace_id>
remove
The tcld namespace accepted-client-ca remove command removes client CA certificates from a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace accepted-client-ca remove --ca-certificate <value>
Alias: r
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace accepted-client-ca remove --namespace <namespace_id> --ca-certificate <encoded_certificate>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace accepted-client-ca remove --request-id <request_id> --ca-certificate <encoded_certificate>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace accepted-client-ca remove --resource-version <etag> --ca-certificate <encoded_certificate>
--ca-certificate
Required modifier unless --ca-certificate-fingerprint or --ca-certificate-file is specified
Specify the base64-encoded string of a CA certificate PEM file.
If --ca-certificate-fingerprint is also specified, both --ca-certificate and --ca-certificate-file are ignored.
If --ca-certificate-file is also specified but --ca-certificate-fingerprint is not, only --ca-certificate is used.
Alias: -c
Example
tcld namespace accepted-client-ca remove --ca-certificate <encoded_certificate>
--ca-certificate-file
Required modifier unless --ca-certificate-fingerprint or --ca-certificate is specified
Specify a path to a CA certificate PEM file.
If --ca-certificate-fingerprint is also specified, both --ca-certificate-file and --ca-certificate are ignored.
If --ca-certificate is also specified but --ca-certificate-fingerprint is not, only --ca-certificate is used.
Alias: -f
Example
tcld namespace accepted-client-ca remove --ca-certificate-file <path>
--ca-certificate-fingerprint
Required modifier unless --ca-certificate or --ca-certificate-file is specified
Specify the fingerprint of a CA certificate.
If --ca-certificate, --ca-certificate-file, or both are also specified, they are ignored.
Alias: --fp
Example
tcld namespace accepted-client-ca remove --ca-certificate-fingerprint <fingerprint>
set
The tcld namespace accepted-client-ca set command sets the client CA certificates for a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace accepted-client-ca set --ca-certificate <value>
Alias: s
When updating CA certificates, it's important to follow a rollover process. Doing so enables your Namespace to serve both CA certificates for a period of time until traffic to your old CA certificate ceases.
Create a single file that contains both your old and new CA certificate PEM blocks. Just concatenate the PEM blocks on adjacent lines.
-----BEGIN CERTIFICATE-----
... old CA cert ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... new CA cert ...
-----END CERTIFICATE-----Run the
tcld namespace accepted-client-ca setcommand with the CA certificate bundle file.tcld namespace accepted-client-ca set --ca-certificate-file <path>Monitor traffic to your old certificate until it ceases.
Create another file that contains only the new CA certificate.
Run the
tcld namespace accepted-client-ca setcommand again with the updated CA certificate bundle file.
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace accepted-client-ca set --namespace <namespace_id> --ca-certificate <encoded_certificate>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace accepted-client-ca set --request-id <request_id> --ca-certificate <encoded_certificate>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace accepted-client-ca set --resource-version <etag> --ca-certificate <encoded_certificate>
--ca-certificate
Required modifier unless --ca-certificate-file is specified
Specify a base64-encoded string of a CA certificate PEM file.
If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.
Alias: -c
Example
tcld namespace accepted-client-ca set --ca-certificate <encoded_certificate>
--ca-certificate-file
Required modifier unless --ca-certificate is specified
Specify a path to a CA certificate PEM file.
If both --ca-certificate and --ca-certificate-file are specified, only --ca-certificate is used.
Alias: -f
Example
tcld namespace accepted-client-ca set --ca-certificate-file <path>
certificate-filters
The tcld namespace certificate-filters commands manage optional certificate filters for the specified NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud. The Namespace can use certificate filters to authorize client certificates based on distinguished name (DN) fields.
Alias: cf
- tcld namespace certificate-filters importtcld namespace certificate-filters import
How to set certificate filters for a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace certificate-filters exporttcld namespace certificate-filters export
How to export certificate filters from a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace certificate-filters cleartcld namespace certificate-filters clear
How to clear all certificate filters from a Namespace in Temporal Cloud using tcld.
Learn more
clear
The tcld namespace certificate-filters clear command clears all certificate filters from a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
Using this command allows any client certificate that chains up to a configured CA certificate to connect to the Namespace.
tcld namespace certificate-filters clear
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace certificate-filters clear --namespace <namespace_id>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace certificate-filters clear --request-id <request_id>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace certificate-filters clear --resource-version <etag>
export
The tcld namespace certificate-filters export command exports existing certificate filters from a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace certificate-filters export --certificate-filter-file <path>
Alias: exp
The following modifiers control the behavior of the command.
--certificate-filter-file
Specify a path to a JSON file where tcld can export the certificate filters.
Aliases: --file, -f
Example
tcld namespace certificate-filters export --certificate-filter-file <path>
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace certificate-filters import --namespace <namespace_id> --certificate-filter-input <json>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace certificate-filters import --request-id <request_id> --certificate-filter-input <json>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace certificate-filters import --resource-version <etag> --certificate-filter-input <json>
import
The tcld namespace certificate-filters import command sets certificate filters for a NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
tcld namespace certificate-filters import --certificate-filter-file <path>
Alias: imp
A certificate filter can include any combination (and at least one) of the following:
commonNameorganizationorganizationalUnitsubjectAlternativeName
The following modifiers control the behavior of the command.
--certificate-filter-file
Required modifier unless --certificate-filter-input is specified
Specify a path to a JSON file that defines certificate filters to be applied to the Namespace, such as { "filters": [ { "commonName": "test1" } ] }. The specified filters replace any existing filters.
If both --certificate-filter-file and --certificate-filter-input are specified, the command returns an error.
Aliases: --file, -f
Example
tcld namespace certificate-filters import --certificate-filter-file <path>
--certificate-filter-input
Required modifier unless --certificate-filter-file is specified
Specify a JSON string that defines certificate filters to be applied to the Namespace, such as { "filters": [ { "commonName": "test1" } ] }. The specified filters replace any existing filters.
If both --certificate-filter-input and --certificate-filter-file are specified, the command returns an error.
Aliases: --input, -i
Example
tcld namespace certificate-filters import --certificate-filter-input <json>
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace certificate-filters import --namespace <namespace_id> --certificate-filter-input <json>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace certificate-filters import --request-id <request_id> --certificate-filter-input <json>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace certificate-filters import --resource-version <etag> --certificate-filter-input <json>
search-attributes
The tcld namespace search-attributes commands manage Search AttributesWhat is a Search Attribute?
A Search Attribute is an indexed name used in List Filters to filter a list of Workflow Executions that have the Search Attribute in their metadata.
Learn more of the specified NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more in Temporal Cloud.
Alias: sa
- tcld namespace search-attributes addtcld namespace search-attributes add
How to add custom Search Attributes to a Namespace in Temporal Cloud using tcld.
Learn more - tcld namespace search-attributes renametcld namespace search-attributes rename
How to rename an existing custom Search Attribute in Temporal Cloud using tcld.
Learn more
add
The tcld namespace search-attributes add command adds custom Search AttributesWhat is a Search Attribute?
A Search Attribute is an indexed name used in List Filters to filter a list of Workflow Executions that have the Search Attribute in their metadata.
Learn more to a Namespace in Temporal Cloud.
tcld namespace search-attributes add --search-attribute <value>
Alias: a
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace search-attributes add --namespace <namespace_id> --search-attribute <value>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace search-attributes add --request-id <request_id> --search-attribute <value>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace search-attributes add --resource-version <etag> --search-attribute <value>
--search-attribute
Required modifier; can be specified more than once
Specify a custom Search Attribute in the form "name=type". Valid values for type are as follows:
- Bool
- Datetime
- Double
- Int
- Keyword
- Text
Alias: --sa
Example
tcld namespace search-attributes add --search-attribute "YourSearchAttribute1=Text" --search-attribute "YourSearchAttribute2=Double"
rename
The tcld namespace search-attributes rename command renames a custom Search AttributeWhat is a Search Attribute?
A Search Attribute is an indexed name used in List Filters to filter a list of Workflow Executions that have the Search Attribute in their metadata.
Learn more in Temporal Cloud.
tcld namespace search-attributes rename --existing-name <value> --new-name <value>
The following modifiers control the behavior of the command.
--namespace
Specify a Namespace hosted on Temporal Cloud. If not specified, the value of the environment variable $TEMPORAL_CLOUD_NAMESPACE is used.
Alias: -n
Example
tcld namespace search-attributes rename --namespace <namespace_id> --existing-name <value> --new-name <value>
--request-id
Specify a request identifier to use for the asynchronous operation. If not specified, the server assigns a request identifier.
Alias: -r
Example
tcld namespace search-attributes rename --request-id <request_id> --existing-name <value> --new-name <value>
--resource-version
Specify a resource version (ETag) to update from. If not specified, the latest version is used.
Alias: -v
Example
tcld namespace search-attributes rename --resource-version <etag> --existing-name <value> --new-name <value>
--existing-name
Required modifier
Specify the name of an existing Search Attribute.
Alias: --en
Example
tcld namespace search-attributes rename --existing-name <value> --new-name <value>
--new-name
Required modifier
Specify a new name for the Search Attribute.
Alias: --nn
Example
tcld namespace search-attributes rename --existing-name <value> --new-name <value>