Engineering

6/27/2023

Improvements in Temporal Data Encryption

jonathan lacefield

Jonathan Lacefield

Product - Cloud

Data Encryption in Temporal

Data Encryption is a fundamental security capability most applications implement to protect user and app data. Typically, apps simply use whatever encryption algorithm is supported by their data infrastructure software provider, for example their database or queuing systems. Typically, apps also provide access to their encryption keys to their data infrastructure software provider. Security tradeoffs exist with the typical data encryption approach, particularly in cloud hosted environments, because data infrastructure software providers have access to the algorithms and keys used to encrypt and decrypt app data. This means it is possible for an attacker to access and decrypt app data by infiltrating data infrastructure software providers.

Temporal provides a higher level of data security compared to the typical approach by enabling users to encrypt their data using user-specific algorithms invoked in the Temporal SDK Data Converter without sharing encryption keys with Temporal. This means Temporal never has access to the algorithms or keys used to encrypt/decrypt user data. Regardless if Temporal infrastructure is compromised by an attacker, user data is secure. Simply stated, Temporal Cloud does not have the ability to decrypt user data.

Oftentimes, Temporal users want to see unencrypted data in the Temporal UI or CLI. To support this need, Temporal provides a pluggable Codec Server capability affording users the opportunity to call their specific encryption/decryption algorithm in their local web browser or CLI without providing access to their encryption keys to Temporal. This means that even though Temporal stores and transmits user encrypted data, users are able to view unencrypted data in the Temporal UI or CLI without creating a potential security risk since decryption occurs locally, on a user’s machine, not on Temporal’s servers. Simply stated, users can view encrypted data in Temporal’s Cloud UI without providing the ability for Temporal to decrypt user data.

Why Codec Server Endpoint per Namespace

Up until recently, users had the ability to configure a single Codec Server Endpoint in the Temporal UI. While this approach solved the user need of viewing unencrypted data in a user’s local browser, it did not provide a good experience when users wanted to use different Codec Servers for different Namespaces. Nor did this approach provide affordances for administrators to configure a single Codec Server endpoint for all users to consume. That’s why we are excited to announce the ability to configure a Codec Server per Namespace.

Administrators can now configure a Codec Server endpoint per Namespace, enabling the use of different Codec Servers for different namespaces and enabling users to view decrypted data in their UI without the need to configure anything. We believe this approach provides a better experience for all Temporal users and further strengthens Temporal’s industry-leading data encryption capabilities.

To see the new Codec Server per Namespace capability, either edit an existing or create a new Namespace. The following image shows the new per Namespace configuration section of the Namespace page.

Codec Server image 2

The configuration options are the same ones available today with the user-provided Codec Server. With this new feature, Temporal recommends configuring the Codec Server at the Namespace level.

Even though setting the Codec Server per Namespace is a Temporal best-practice, this feature is opt-in. It is also backwards compatible with the existing user-configured Codec Server capabilities. Users have the ability to continue to use the existing Data Converter functionality. In fact, Temporal enhanced the existing capability to provide user’s the ability to override the Namespace level Codec Server configuration, particularly for Codec Server development purposes. The following image shows the new Codec Server browser endpoint configuration screen.

Codec Server image 2 To learn more about configuring the Codec Server see our documentation.

Security and Compliance at Temporal

Temporal continues to invest in Security and Compliance capabilities. We recently announced the Preview release of another critical security feature, Audit Logging, and we are working on new authentication and authorization capabilities for Temporal Cloud.

As always, we're here to support you. If you have any questions or need assistance, don't hesitate to reach out to the Temporal team.

Stay tuned for more security and compliance updates. Until then, happy encrypting!