Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Catalog] Rotating container provided object store credentials #9690

Open
snazy opened this issue Oct 2, 2024 · 1 comment
Open

[Catalog] Rotating container provided object store credentials #9690

snazy opened this issue Oct 2, 2024 · 1 comment

Comments

@snazy
Copy link
Member

snazy commented Oct 2, 2024

Instead of providing the object store secrets used by Nessie via a secrets-manager (incl Quarkus), add a way to get object store credentials via the container (or VM or pod).

Container provided credentials are not to be considered static, but those can be rotated, so we have to have a way to re-retrieve those periodically.

This approach is likely only useful for VMs/pods accessing an object store within the same (public?) cloud.
@snazy
Copy link
Member Author

snazy commented Oct 16, 2024

Note: S3 + GCS look good with APPLICATION_GLOBAL/APPLICATION_DEFAULT auth-type settings. ADLS needs to be proven though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@snazy