Skip to content

docs: mTLS documentation with example sample #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 1, 2025
Merged

docs: mTLS documentation with example sample #299

merged 8 commits into from
Nov 1, 2025

Conversation

@vishwa-uber
Copy link
Contributor

@vishwa-uber vishwa-uber commented Oct 28, 2025
edited
Loading

Whats new

Screenshot 2025-10-27 at 3 52 34 PM

In mTLS, both the client and server have a certificate, and both sides authenticate using their public/private key pair.
Steps:

  1. Client connects to server
  2. Server presents its TLS certificate
  3. Client verifies the server's certificate
  4. Client presents its TLS certificate
  5. Server verifies the client's certificate
  6. Server grants access
  7. Client and server exchange information over encrypted TLS connection

Testing Scenarios:
Screenshot 2025-10-22 at 2 19 09 PM

shijiesheng
shijiesheng reviewed Oct 28, 2025
View reviewed changes
docs/03-concepts/14-mutual-tls.md

---

## How mTLS Works
Copy link
Member

@shijiesheng shijiesheng Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 good writing!

docs/03-concepts/14-mutual-tls.md

---

## Complete Working Example
Copy link
Member

@shijiesheng shijiesheng Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add another section of How to enable mTLS?

demirkayaender
demirkayaender requested changes Oct 28, 2025
View reviewed changes
docs/03-concepts/14-mutual-tls.md Outdated

## Complete Working Example

For a complete working example with detailed code and configuration, refer to the [helloworld_tls sample](https://github.com/cadence-workflow/cadence-samples/tree/master/new_samples/client_samples/helloworld_tls) in the Cadence samples repository. This sample demonstrates how to:
Copy link
Member

@demirkayaender demirkayaender Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you update the samples change explaining how this command works?
./cadence-server --env development --zone tls start

docs/03-concepts/14-mutual-tls.md
│ All subsequent data is encrypted │
│ │
```

Copy link
Member

@demirkayaender demirkayaender Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a section here explaining how mTLS works with Cadence, explaining creating gRPC options, then the gRPC transport object and Cadence using it (how client is initialized). Leave links to the sample changes and the client repo.
Similarly please leave pointers to server code, explaining how a secure server is started.

@vishwa-uber vishwa-uber merged commit fe0f768 into cadence-workflow:master Nov 1, 2025
4 checks passed
@vishwa-uber vishwa-uber deleted the mutual_tls_doc branch November 1, 2025 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@demirkayaender demirkayaender demirkayaender approved these changes

@shijiesheng shijiesheng Awaiting requested review from shijiesheng

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vishwa-uber @shijiesheng @demirkayaender