Remote Data Encoding
This page discusses Remote Data Encoding.
What is remote data encoding?
Remote data encoding is exposing your Payload Codec via HTTP endpoints to support remote encoding and decoding.
Running your encoding remotely allows you to use it with the Temporal CLI to encode and decode data for several commands, including temporal workflow show, and with the Temporal Web UI to decode data in your Workflow Execution details view.
To run data encoding/decoding remotely, use a Codec Server. A Codec Server is an HTTP server that uses your custom Codec logic to decode your data remotely. The Codec Server is independent of the Temporal Service and decodes your encrypted payloads through predefined endpoints. You create, operate, and manage access to your Codec Server in your own environment. The Temporal CLI and the Web UI in turn provide built-in hooks to call the Codec Server to decode encrypted payloads on demand.
Encoding data on the Web UI and CLI
You can perform some operations on your Workflow Execution using the Temporal CLI and the Web UI. For example, you can start or signal an active Workflow Execution from the Temporal CLI or cancel a Workflow Execution from the Web UI, which might require inputs that contain sensitive data.
To encode this data, specify your Codec Server endpoints with the codec-endpoint parameter in the Temporal CLI and configure your Web UI to use the Codec Server endpoints.
Decoding data on the Web UI and CLI
If you use custom encoding, Payload data handled by the Temporal Service is stored encoded. Since the Web UI uses the Visibility database to show events and data stored on the Temporal Server, all data in the Workflow Execution History in your Web UI is displayed in the encoded format.
To decode output when using the Web UI and the Temporal CLI, use a Codec Server.
Note that a remote data encoder is a separate system with access to your encryption keys and exposes APIs to encode and decode any data. Evaluate and ensure that your remote data encoder endpoints are secured and only authorized users have access to them.
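The following sketch is an added example, not code from Temporal or its samples. It shows a Codec Server request handler that rejects unauthenticated callers before any payload is transformed. The /encode and /decode paths and the JSON body with base64 fields follow the Codec Server HTTP protocol; the bearer token, the encoding label, the port, and zlib standing in for a real encrypting codec are assumptions.

```python
import base64, hmac, json, zlib
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the page): the token, the encoding label, and zlib
# standing in for the real encrypting Payload Codec.
API_TOKEN = "constructed-example-token"
ENCODING = b"binary/zlib-example"

def b64(raw): return base64.b64encode(raw).decode()

def encode_payload(p):
    # Wrap the whole payload so its original metadata is hidden as well.
    inner = zlib.compress(json.dumps(p, sort_keys=True).encode())
    return {"metadata": {"encoding": b64(ENCODING)}, "data": b64(inner)}

def decode_payload(p):
    # Payloads this codec did not produce pass through unchanged.
    if base64.b64decode(p.get("metadata", {}).get("encoding", "")) != ENCODING:
        return p
    return json.loads(zlib.decompress(base64.b64decode(p["data"])))

ROUTES = {"/encode": encode_payload, "/decode": decode_payload}

def handle(method, path, headers, body):
    """Return (status, response_bytes) for one Codec Server request."""
    transform = ROUTES.get(path)
    if method != "POST" or transform is None:
        return 404, b""
    # Authenticate before any payload or key material is touched.
    supplied = headers.get("Authorization") or ""
    if not hmac.compare_digest(supplied.encode(), b"Bearer " + API_TOKEN.encode()):
        return 401, b""
    try:
        out = [transform(p) for p in json.loads(body)["payloads"]]
    except (ValueError, KeyError, TypeError, AttributeError, zlib.error):
        return 400, b""
    return 200, json.dumps({"payloads": out}).encode()

class CodecHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, out = handle("POST", self.path, self.headers, body)
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(out)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8888), CodecHandler).serve_forever()
```

In a real deployment the static token would be replaced by your identity provider's token validation, and the server would sit behind TLS.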
Samples: