dimas-b commented on code in PR #3330:
URL: https://github.com/apache/polaris/pull/3330#discussion_r2651854813
##########
client/python/apache_polaris/cli/constants.py:
##########
@@ -258,6 +260,12 @@ class Create:
"(Only for S3) Indicates that Polaris should not use STS (e.g.
if STS is not available)"
)
PATH_STYLE_ACCESS = "(Only for S3) Whether to use
path-style-access for S3"
+ KMS_KEY_CURRENT = (
+ "(Only for AWS S3) The AWS KMS key ARN to be used for
encrypting new S3 data"
Review Comment:
> my question was why would Polaris vends creds for old kms keys for
encrypting, [...]
Currently it does. However, this is beyond the scope of current PR (CLI).
It's about the actual java code from #2802 :)
Normally, I'd think "additional" keys should get only decryption rights, but
this may be tricky from the manual key rotation perspective.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
