Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
📖 Docs PR preview links |
lennessyy
commented
Apr 23, 2026
Contributor
drewhoskins-temporal
left a comment
drewhoskins-temporal
left a comment
There was a problem hiding this comment.
This is so much better, thank you! Minor nits plus check w/ security.
| You implement the transformation logic once in a Payload Codec, then host that logic in a Codec Server so the Web UI and | ||
| CLI can use it remotely. | ||
|
|
||
| ## Authorization |
Contributor
There was a problem hiding this comment.
This looks good but somebody from security, perhaps Kent Gruber, should have a look.
Co-authored-by: Drew Hoskins <drew.hoskins@temporal.io>
lennessyy
commented
Apr 24, 2026
lennessyy
commented
Apr 24, 2026
picatz
reviewed
Apr 28, 2026
| - **Operating from the CLI.** Use commands like `temporal workflow show` and `temporal workflow execute` with readable | ||
| data, even when payloads are encrypted at rest. | ||
| - **Encoding inputs from the UI and CLI.** When you start or signal a Workflow from the Web UI or CLI, the Codec Server | ||
| can encode the input before it reaches the Temporal Service, so sensitive data is never sent in plaintext. |
Contributor
There was a problem hiding this comment.
Small nit: "never sent in plaintext" is partially true, relative to the Temporal Service, but plaintext does cross from the user's browser/CLI to the Codec Server, ideally over TLS:
Suggested change
| can encode the input before it reaches the Temporal Service, so sensitive data is never sent in plaintext. | |
| can encode the input before it reaches the Temporal Service, so the Temporal Service never sees | |
| plaintext (the input still travels from your browser or CLI to the Codec Server, which is why HTTPS | |
| matters in any non-loopback deployment). |
Comment on lines
+77
to
+78
| Your Codec Server should use the same Payload Codec implementation as your Workers to ensure consistent encoding and | ||
| decoding. |
Contributor
There was a problem hiding this comment.
Suggested change
| Your Codec Server should use the same Payload Codec implementation as your Workers to ensure consistent encoding and | |
| decoding. | |
| decoding. Because the Codec Server often holds the same keys as your Workers, treat its | |
| host with the same trust as a Worker; anyone who can call it has effective decrypt parity. |
| decoding. | ||
|
|
||
| Most SDKs provide example Codec Server implementation samples, listed here: | ||
| ## Codec Server vs. Payload Codec |
Contributor
There was a problem hiding this comment.
A few points here we could consider clarifying:
- HTTPS should be required for any non-loopback deployment.
- JWT verification != authorization: verifying the JWT signature only proves the token came from your IdP or Temporal Cloud. Ideally, the codec server would additionally check the token's claims authorize the namespace in
X-Namespace. This generally requires additional API calls today to be made from the Codec Server, since it's not encoded in the JWT itself, since the Auth0 minted JWT for Temporal Cloud is used to access more than one namespace in a web UI session. - Auth guidance: the "better" option is actually "Include cross-origin credentials", instead of "Pass the user access token". With it, customer codec server developers could use an existing organization-wide authentication provider (via the user browser’s cookies for an IdP) instead of the Auth0-minted JWT for Temporal Cloud. There's lots of nuance here, maybe we include diagrams for the two auth options?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Notes to reviewers
┆Attachments: EDU-6261 docs: refresh codec server page