The Zed CLI doesn't have a remote peer cert name configuration right now. Contributions are welcome though 🙂 The SpiceDB server doesn't support mTLS, but I believe you could achieve this with Envoy. You can restrict access for PSKs with our Fine-Grained Access Management (FGAM) feature; however, FGAM is an Enterprise feature. https://authzed.com/docs/spicedb-enterprise/fgam