tokoko commented on issue #2970: URL: https://github.com/apache/polaris/issues/2970#issuecomment-3714135253
@dimas-b @snazy I was wondering if "secrets manager" should be the only way to accomplish this. While I understand the need for it in a general case, in our deployment catalogs are created exclusively by a central "data platform" team that manages polaris itself, never by the individual data teams. The idea is to abstract away the storage, so it would not really make sense for the teams themselves to have access to these credentials in the first place. Rather than relying on polaris to manage secrets, it would be easier for the platform team to manage secrets externally, mount them in pods as environment variables and let catalogs refer to environment variables. The config for catalog would be something like `accessKeyIdEnvVar` rather than `accessKeyId`. I suspect a lot of existing deployments might follow the same pattern (??) and would benefit from a simpler solution like this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
