How to provide DB credentials to temporal in production?

Hi Experts,

Currently, for the Temporal Helm charts, the following sample is provided for connecting to a PostgreSQL DB:

server:
  config:
    persistence:
      default:
        driver: "sql"

        sql:
          driver: "postgres"
          host: _HOST_
          port: 5432
          database: temporal
          user: _USERNAME_
          password: _PASSWORD_
          maxConns: 20
          maxConnLifetime: "1h"

Since these credentials would be strictly confidential, is there a better way to provide these credentials to Temporal in a UAT or Production environment?

You should be able to create your secrets up front, and then reference them by name via existingSecret in your config.

2 Likes

@tihomir Can you point me to where this is documented, and an example if possible?

Looking at the code, I conclude that the value of existingSecret is the name of the existing secret, and the key for the secret’s password entry is expected to be password.

See [Feature Request] Add the ability to set custom secret key for existing persistence secret · Issue #268 · temporalio/helm-charts · GitHub
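
The approach described in the replies above, written out as an added example; it is not part of any post in this thread and not copied from the chart's documentation. The Secret name `temporal-db-credentials` and the namespace `temporal` are assumed names, and the `password` key is the one the last reply says the chart expects.

```yaml
# File 1 (added example): Kubernetes Secret, created before the chart is installed.
# Keep this manifest out of version control, or create the Secret by other means.
apiVersion: v1
kind: Secret
metadata:
  name: temporal-db-credentials   # assumed name
  namespace: temporal             # assumed; must be the namespace of the Temporal release
type: Opaque
stringData:
  password: "<DB_PASSWORD>"       # placeholder value; the key must be named "password"
---
# File 2 (added example): Helm values for the Temporal chart.
# Same settings as the sample in the question, with the inline password
# replaced by a reference to the Secret above.
server:
  config:
    persistence:
      default:
        driver: "sql"

        sql:
          driver: "postgres"
          host: _HOST_
          port: 5432
          database: temporal
          user: _USERNAME_
          # Name of the pre-created Secret; no "password:" entry is set here.
          existingSecret: temporal-db-credentials
          maxConns: 20
          maxConnLifetime: "1h"
```

With this layout the values file carries no password, so it can be stored and reviewed like any other deployment configuration while access to the Secret is restricted separately.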