eric-maynard commented on PR #461: URL: https://github.com/apache/polaris/pull/461#issuecomment-2529017004
I added a note in the most recent commit to clarify, but the best thing users can do is provide secrets through env variables. The credential printing is there as a workaround (the in-memory metastore always does this) for testing or development. The important thing is we don’t let users brick the metastore. If printing is super controversial then we can always just require the env variables for now. On Mon, Dec 9, 2024 at 10:22 AM Yufei Gu ***@***.***> wrote: > Agreed to not log the secrets, but I also feel the urgency of fixing > EclipseLink. How about writing the secrets into a separated file? Here are > benefits: > > 1. A file can be potentially integrated with third-party secret > managers in the future. > 2. Avoid putting secrets in logs > 3. No configuration item needed, alway persist the secrets file in > case of auto-generation. > > — > Reply to this email directly, view it on GitHub > <https://github.com/apache/polaris/pull/461#issuecomment-2529006729>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AFRE3SAZOHDY4HHUR56KOTD2EXNU5AVCNFSM6AAAAABSF72CZGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMRZGAYDMNZSHE> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> > -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
