How to use pbm-agent with client tls

Hi there.

I have a Percona replica set with requireTLS, which I would like to backup with pbm. At the moment I am struggling to connect to my cluster when providing tls options in the connection string. I am able to connect using the same options when connecting with the mongo shell.

mongo shell: mongo --authenticationMechanism MONGODB-X509 --tls --host localhost --tlsCertificateKeyFile path/tls.crt --tlsCAFile path/ca.pem

mongod logs:

"NETWORK", "msg":"Connection accepted"
"ACCESS",  "ctx":"conn464","msg":"Authenticate"
"ACCESS",  "msg":"Successfully authenticated"

The above works as expected, and I am in a shell as the user specified in the x509 certificate subject name.

Now, when using pbm: PBM_MONGODB_URI=mongodb://localhost:27017/?tls=true&authenticationMechanism=MONGODB-X509&tlsCertificateKeyFile=path/tls.crt&tlsCAFile=path/ca.pem pbm status

mongod logs:

"NETWORK" "msg":"Connection accepted"
"NETWORK" "msg":"Connection ended"

There are no corresponding ‘ACCESS’ logs.

The error reported by pbm is Error: connect to mongodb: setup a new backups db: ensure cmd collection: (Unauthorized) command create requires authentication

Are there any guides for mTLS connections with pbm?