Add TLS/mTLS support to CLI client #1395
Description
Context
The ConnectRPC server supports TLS via tls_cert_file, tls_key_file, and tls_client_ca_file config options. However, the CLI client has no way to specify a custom CA certificate or client certificate for connecting to a TLS-enabled server.
The old gRPC createConnection() had a caCertFile parameter but it was never wired up — both createClient and createAdminClient always passed "".
Proposal
Add CLI flags (or config options) to support:
--ca-cert— Path to a custom CA certificate file (for self-signed or internal CAs)--client-cert/--client-key— For mTLS (optional, lower priority)--insecure— Skip TLS verification (dev only)
These should be configurable via both CLI flags and ~/.config/raystack/frontier.yml.
Related
- PR refactor(cmd): migrate CLI commands from gRPC to ConnectRPC clients #1388 (CLI migration to ConnectRPC) — noted as not a regression since it was never functional