Does Temporal scaler allow cert, key and ca base64 encoded as authencation method?

[knmsk]

Hi, I tried the temporal scaler with mTLS authentication options, and it works only when the decoded value of the kubernetes secrets is not base64. If you base64 the certificate and key and then insert this new value into the AWS Secrets Manager it throws:

error getting scalers cache failed to create Temporal client connection:
error parse X509KeyPair:
tls: failed to find any PEM data in certificate input

The question is: Is it something I did wrong, or is this something that the code is missing?

Example:

• <encodedbase64cert> for base64 encoded of the certificate:

-----BEGIN CERTIFICATE------
<content>
-----END CERTIFICATE------

• <encodedbase64key> for base64 encoded of the key:

-----BEGIN PRIVATE KEY------
-----END PRIVATE KEY -----

Creating the secret works with something like this:

spec:
  cert: <encodedbase64cert>
  key: <encodedbase64key>

When decoding, it would be:

spec:
  cert: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  key: |
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----

Example of a secret that doesn't work.

When working with AWS secrets manager, you must use the base64-encoded values (encodedbase64cert and encodedbase64key) since it doesn't allow multiline strings. In the end, it would be mapped something like this:

{
  "cert": "<encodedbase64cert>",
  "key": "<encodedbase64key>"
}

The secret would be created like this:

spec:
  cert: <base64 of encodedbase64cert>
  key: <base64 of encodedbase64key>

When decoding:

spec:
  cert: <encodedbase64cert>
  key: <encodedbase64key>