temporal/custom-server/config/development.yaml
Christian Galo 02b4ec9ee3 Add JWT-based authorization support for Temporal server with Keycloak integration
- Create QUICK_REFERENCE.md for a concise guide on setting up temporal authorization.
- Add README_AUTHORIZATION.md detailing the implementation steps and common issues.
- Introduce REVERSE_PROXY_APPROACH.md as an alternative method for authorization using a reverse proxy.
- Implement Dockerfile for building a custom Temporal server with authorization features.
- Add main.go to initialize the custom Temporal server with JWT authorization.
- Create example-keycloak-mapper.json for mapping Keycloak groups to Temporal permissions.
- Add development.yaml for configuring the Temporal server with JWT settings.
- Implement test-authorization.sh script to verify JWT token claims and Temporal server access.
- Include go.mod for managing Go dependencies in the custom server.
- Document troubleshooting steps and customization options in README.md.
2025-10-24 02:10:54 +00:00


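# Temporal Server Configuration with JWT Authorization
global:
  authorization:
    # JWT token validation settings.
    jwtKeyProvider:
      # JWKS endpoint of the Keycloak realm. The public keys fetched from
      # here are what the server uses to verify incoming JWT signatures.
      # Keycloak format: https://your-keycloak.com/realms/yourRealm/protocol/openid-connect/certs
      # Keycloak publishes its key set at /protocol/openid-connect/certs;
      # the previous value pointed at /.well-known/jwks.json, which Keycloak
      # does not serve, so every token would have failed key lookup.
      # Assumes TEMPORAL_AUTH_ISSUER_URL is the realm issuer URL
      # (https://your-keycloak.com/realms/yourRealm) — TODO confirm against
      # the deployment environment.
      keySourceURIs:
        - "${TEMPORAL_AUTH_ISSUER_URL}/protocol/openid-connect/certs"
      # How often the key set is re-fetched (Go duration format). A key
      # rotated in Keycloak is not trusted until the next refresh, so tokens
      # signed with a new key can be rejected for up to this long.
      refreshInterval: "1h"
    # Name of the JWT claim that carries the Temporal permissions.
    # Default is "permissions"; change it to match the Keycloak mapper.
    permissionsClaimName: "permissions"
    # NOTE(review): no authorizer/claimMapper is configured here, so the key
    # provider by itself enforces nothing; presumably main.go wires the
    # authorizer and claim mapper programmatically — confirm.
  # NOTE(review): no TLS section is present, so bearer tokens reach the
  # frontend over plaintext gRPC unless a TLS-terminating proxy fronts
  # port 7233 — confirm before using this outside development.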
# Database configuration
persistence:
  # Names of the datastores below used for the main and visibility stores.
  defaultStore: default
  visibilityStore: visibility
  # Number of history shards. Temporal fixes this at first start-up; it
  # cannot be changed later without a fresh database.
  numHistoryShards: 4
  datastores:
    # Main store: workflow history, tasks, namespaces.
    default:
      sql:
        pluginName: "postgres12"
        databaseName: "temporal"
        # "db" is presumably the database service name on the container
        # network — verify against the compose/Dockerfile setup.
        connectAddr: "db:5432"
        connectProtocol: "tcp"
        user: "temporal"
        # Injected from the environment at load time; keep it that way
        # rather than committing a literal password.
        password: "${POSTGRES_PWD}"
        maxConns: 20
        maxIdleConns: 20
        maxConnLifetime: "1h"
        # NOTE(review): no tls block, so this connection is unencrypted;
        # acceptable on a private container network, confirm for anything
        # beyond development.
    # Visibility store: search/list indexes, lower connection budget.
    visibility:
      sql:
        pluginName: "postgres12"
        databaseName: "temporal_visibility"
        connectAddr: "db:5432"
        connectProtocol: "tcp"
        user: "temporal"
        # Same credential as the main store, supplied via the environment.
        password: "${POSTGRES_PWD}"
        maxConns: 10
        maxIdleConns: 10
        maxConnLifetime: "1h"
# Services configuration
# Each service gets a gRPC port and a membership (ringpop) port. All four
# run in the same process here, and the frontend is the only one that
# clients — and therefore JWT bearers — talk to directly.
services:
  frontend:
    rpc:
      grpcPort: 7233
      membershipPort: 6933
      bindOnIP: "0.0.0.0"
  matching:
    rpc:
      grpcPort: 7235
      membershipPort: 6935
      bindOnIP: "0.0.0.0"
  history:
    rpc:
      grpcPort: 7234
      membershipPort: 6934
      bindOnIP: "0.0.0.0"
  worker:
    rpc:
      grpcPort: 7239
      membershipPort: 6939
      bindOnIP: "0.0.0.0"
# NOTE(review): matching, history and worker are bound on all interfaces
# although the cluster advertises itself at 127.0.0.1 below; if nothing
# outside this container needs their ports, binding them to the loopback
# address would shrink the exposed surface — confirm against the
# container/network layout before changing.
# Single-cluster topology: one cluster named "active", no cross-cluster
# namespaces.
clusterMetadata:
  enableGlobalNamespace: false
  failoverVersionIncrement: 10
  masterClusterName: "active"
  currentClusterName: "active"
  clusterInformation:
    active:
      enabled: true
      initialFailoverVersion: 1
      # Address other cluster members use to reach this cluster's frontend.
      rpcName: "frontend"
      rpcAddress: "127.0.0.1:7233"
# No cross-datacenter request forwarding (single cluster).
dcRedirectionPolicy:
  policy: "noop"
# History and visibility archival are both switched off.
archival:
  history:
    state: "disabled"
  visibility:
    state: "disabled"
# Frontend address used by the server's own internal worker.
# NOTE(review): with authorization enabled, confirm that the internal
# worker's calls through this client are still accepted by the authorizer.
publicClient:
  hostPort: "127.0.0.1:7233"
# Dynamic configuration is read from a file and re-polled at the given
# interval, so edits take effect without a restart.
dynamicConfigClient:
  filepath: "/etc/temporal/config/dynamicconfig/development-sql.yaml"
  pollInterval: "10s"