Hi Srinivas,

Thanks for sharing this proposal. Persisting long-lived credentials such as
an S3 secret access key directly in table properties raises significant
security concerns. Here is an alternative approach previously discussed,
which enables storage configuration at the table or namespace level, and it
is probably a more secure and promising direction overall.

Yufei


On Mon, Jan 26, 2026 at 8:18 PM Srinivas Rishindra <[email protected]>
wrote:

> Dear All,
>
> I have developed a design proposal for Table-Level Storage Credential
> Overrides in Apache Polaris.
>
> The core objective is to allow specific storage properties to be defined at
> the table level rather than the catalog level, enabling a single logical
> catalog to support tables across disparate storage systems. Crucially, the
> implementation ensures these overrides participate in the credential
> vending process to maintain secure, scoped access.
>
> I have also implemented a Proof of Concept (POC) pull request to
> demonstrate the idea. While the current MVP focuses on S3, I intend to
> expand scope to include Azure and GCS pending community feedback.
>
> I look forward to your thoughts and suggestions on this proposal.
>
> Links:
>
> - Design Doc: Table-Level Storage Credential Overrides (https://docs.google.com/document/d/1tf4N8GKeyAAYNoP0FQ1zT1Ba3P1nVGgdw3nmnhSm-u0/edit?usp=sharing)
> - POC PR: https://github.com/apache/polaris/pull/3563
>
> Best regards,
>
> Srinivas Rishindra Pothireddi
>
