A developer advocate at Temporal walks through two patterns for keeping sensitive data out of Temporal's workflow history and UI. The first is payload encryption, where data is encrypted before being sent to Temporal and decrypted only by the worker, so Temporal never sees plaintext PII. A codec server browser plugin can be used for local debugging without exposing data to Temporal. The second is the claim check pattern for large payloads: instead of passing large files (images, video) through Temporal directly, they are uploaded to external storage (e.g., S3) and only a reference key is passed through the workflow. Combining both patterns keeps workflows lean and sensitive data protected. Demos use a pharmacy benefits management app written in C# with Python examples also referenced.
Sort: