Reads cert and key as base64 for Temporal Cloud

docker-compose-dev.yml

@@ -13,6 +13,7 @@ x-flow-worker-env: &flow-worker-env
   TEMPORAL_HOST_PORT: temporal:7233
   PEERDB_TEMPORAL_NAMESPACE: default
   # For the below 2 cert and key variables,
+  # paste as base64 encoded strings.
   # use yml multiline syntax with '|'
   TEMPORAL_CLIENT_CERT:
   TEMPORAL_CLIENT_KEY:

flow/cmd/api.go

@@ -3,9 +3,11 @@ package main
 import (
 	"context"
 	"crypto/tls"
+	"encoding/base64"
 	"fmt"
 	"net"
 	"net/http"
+	"strings"
 	"time"
 
 	utils "github.com/PeerDB-io/peer-flow/connectors/utils/catalog"
@@ -90,7 +92,18 @@ func APIMain(args *APIServerParams) error {
 		Namespace: args.TemporalNamespace,
 	}
 	if args.TemporalCert != "" && args.TemporalKey != "" {
-		cert, err := tls.X509KeyPair([]byte(args.TemporalCert), []byte(args.TemporalKey))
+		log.Info("Using temporal certificate/key for authentication")
+		certBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(args.TemporalCert))
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal certificate: %w", err)
+		}
+
+		keyBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(args.TemporalKey))
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal key: %w", err)
+		}
+
+		cert, err := tls.X509KeyPair(certBytes, keyBytes)
 		if err != nil {
 			return fmt.Errorf("unable to obtain temporal key pair: %w", err)
 		}

flow/cmd/snapshot_worker.go

@@ -2,7 +2,9 @@ package main
 
 import (
 	"crypto/tls"
+	"encoding/base64"
 	"fmt"
+	"strings"
 
 	"github.com/PeerDB-io/peer-flow/activities"
 	"github.com/PeerDB-io/peer-flow/shared"
@@ -26,7 +28,17 @@ func SnapshotWorkerMain(opts *SnapshotWorkerOptions) error {
 	}
 
 	if opts.TemporalCert != "" && opts.TemporalKey != "" {
-		cert, err := tls.X509KeyPair([]byte(opts.TemporalCert), []byte(opts.TemporalKey))
+		certBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(opts.TemporalCert))
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal certificate: %w", err)
+		}
+
+		keyBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(opts.TemporalKey))
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal key: %w", err)
+		}
+
+		cert, err := tls.X509KeyPair(certBytes, keyBytes)
 		if err != nil {
 			return fmt.Errorf("unable to obtain temporal key pair: %w", err)
 		}
@@ -36,6 +48,7 @@ func SnapshotWorkerMain(opts *SnapshotWorkerOptions) error {
 		}
 		clientOptions.ConnectionOptions = connOptions
 	}
+
 	c, err := client.Dial(clientOptions)
 	if err != nil {
 		return fmt.Errorf("unable to create Temporal client: %w", err)

flow/cmd/worker.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"crypto/tls"
+	"encoding/base64"
 	"fmt"
 	"os"
 	"os/signal"
@@ -93,7 +94,18 @@ func WorkerMain(opts *WorkerOptions) error {
 	}
 
 	if opts.TemporalCert != "" && opts.TemporalKey != "" {
-		cert, err := tls.X509KeyPair([]byte(opts.TemporalCert), []byte(opts.TemporalKey))
+		log.Info("Using temporal certificate/key for authentication")
+		certBytes, err := base64.StdEncoding.DecodeString(opts.TemporalCert)
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal certificate: %w", err)
+		}
+
+		keyBytes, err := base64.StdEncoding.DecodeString(opts.TemporalKey)
+		if err != nil {
+			return fmt.Errorf("unable to decode temporal key: %w", err)
+		}
+
+		cert, err := tls.X509KeyPair(certBytes, keyBytes)
 		if err != nil {
 			return fmt.Errorf("unable to obtain temporal key pair: %w", err)
 		}