Hi Dmitri, That's an excellent idea, and I went ahead and created a PR that generates documentation for vended credentials automatically. These are sourced directly from the StorageAccessProperty enum constants:
https://github.com/apache/polaris/pull/5070 While working on this, I realized that we probably have a spurious credential being vended: "expiration-time". To my best knowledge, this does not correspond to any known credential, and is redundant with other expiration-time properties, like "s3.session-token-expires-at-ms", "gcs.oauth2.token-expires-at" and "adls.sas-token-expires-at-ms". I removed that property. Thanks, Alex On Wed, Jul 8, 2026 at 5:27 AM Dmitri Bourlatchkov <[email protected]> wrote: > > Hi All, > > Following up on the discussion in PR about ADLS and PyIceberg [1]. > > Apparently, there is no specification to define common property names for > vended credentials. Various clients seem to have different expectations. > > I wonder if it might be worth starting a doc page in Polaris to enumerate > at least what Polaris will vend for each supported storage type. > > WDYT? > > [1] https://github.com/apache/polaris/pull/4991#issuecomment-4910638048 > > Thanks, > Dmitri.
