This sample shows how to connect a client to Temporal using mTLS where the certificates are dynamically loaded. This allows the credentials to be replaced without restarting the worker.
- Configure a Temporal Server (such as Temporal Cloud) with mTLS.
- Run the following command to start the worker:
  go run ./dynamicmtls/worker -target-host my.namespace.tmprl.cloud:7233 -namespace my.namespace -client-cert path/to/cert.pem -client-key path/to/key.pem
- Run the following command to start the example:
  go run ./dynamicmtls/starter -target-host my.namespace.tmprl.cloud:7233 -namespace my.namespace -client-cert path/to/cert.pem -client-key path/to/key.pem
Note:
If the server uses self-signed certificates and does not have the SAN set to the actual host, pass one of the following two options when starting the worker or the example above:
- -server-name and provide the common name contained in the self-signed server certificate
- -insecure-skip-verify, which disables certificate and host name validation