Add option to load client secret from file in Temporal
Currently, in order to provide the client secret to Temporal, we have to set the TEMPORAL_AUTH_CLIENT_SECRET environment variable. However, this approach has some limitations and potential security concerns, as environment variables can be accidentally logged, written to disk, or revealed to unauthorized users.
It would be helpful if Temporal had an option to load the client secret from a file instead. For example, we could add a --client-secret-file command-line option that would allow us to specify the path to the file containing the client secret.
This would make it easier to use Docker secrets, where secrets can be mounted as files in the container's filesystem. We could then simply mount the secret file to /secrets/client-secret in our compose YAML file and pass --client-secret-file /secrets/client-secret to Temporal.
In addition, it would be great if we could also have an environment variable, say TEMPORAL_AUTH_CLIENT_SECRET_FILE, that can point to the file containing the client secret. This would allow for even more flexibility in how secrets are managed.
Without this feature, users are forced to write a custom entrypoint.sh just to be able to load the secret, which adds unnecessary complexity to the setup process.
Could this feature be considered for a future release of Temporal? Thank you!
Temporal server does not reference TEMPORAL_AUTH_CLIENT_SECRET; it seems this is referenced by the UI server.
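The custom entrypoint.sh workaround mentioned in the issue, as an added example (not code from the Temporal project or from the posters): a wrapper that resolves TEMPORAL_AUTH_CLIENT_SECRET from the file named by TEMPORAL_AUTH_CLIENT_SECRET_FILE, refuses ambiguous or broken configurations, and then hands off to the container's command. The function name load_secret_from_file and the use of "$@" as the image's original command are assumptions.

```shell
#!/bin/sh
# Added example: entrypoint wrapper implementing the NAME / NAME_FILE convention.

# load_secret_from_file NAME
#   If NAME_FILE is set, export the file's content as NAME and unset NAME_FILE.
#   Fails if NAME and NAME_FILE are both set, or the file is unreadable or empty.
load_secret_from_file() {
    name="$1"
    file_var="${name}_FILE"
    # Indirect lookup; NAME is a fixed identifier chosen by this script, never user input.
    eval "direct=\${$name-}"
    eval "path=\${$file_var-}"

    if [ -z "$path" ]; then
        return 0    # no file configured; keep whatever NAME already holds
    fi
    if [ -n "$direct" ]; then
        echo "error: both $name and $file_var are set; use only one" >&2
        return 1
    fi
    if [ ! -r "$path" ]; then
        echo "error: $file_var points to an unreadable file: $path" >&2
        return 1
    fi
    # Command substitution strips the trailing newline most editors add.
    value="$(cat "$path")"
    if [ -z "$value" ]; then
        echo "error: secret file is empty: $path" >&2
        return 1
    fi
    export "$name=$value"
    # Drop the path and the local copies so they are not inherited needlessly.
    unset "$file_var" value direct path
}

# When invoked as an entrypoint, "$@" is the image's original command (assumption).
if [ "$#" -gt 0 ]; then
    load_secret_from_file TEMPORAL_AUTH_CLIENT_SECRET || exit 1
    exec "$@"
fi
```

The secret still ends up in the process environment of the UI server, so this only keeps it out of the compose file and the container definition; a native file option as requested in the issue would avoid that step.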