maytasm3 commented on issue #9305: Add support for optional cloud (aws, gcs, etc.) credentials for s3 for ingestion URL: https://github.com/apache/druid/issues/9305#issuecomment-584411444 @jihoonson Thanks for the feedbacks. - If I understand correctly, passwordProvider is an interface which can be backed by different ways to (optionally securely) access secrets. An existing implementation we have that I am planning to use (for first version of this feature) is EnvironmentVariablePasswordProvider. This will retrieve the password using the supplied environment key provided (the environment key names will be provided in the ingestion spec). We can use this for now since it is already implemented and is use to deal with passing password in other configs. Other ideas I have that can implement the passwordProvider to provide alternative ways of passing passwords are: 1. We can make the ingestionSpec takes in a file path. The file path will contains the access key and secret key. The file will be on the machine or on cloud (using default cloud credential) 2. We can make the ingestionSpec takes in an encrypted access key and secret key. The decryption key will be an environment variable that is set beforehand. Customer will have to encrypt the access key and secret key themself before putting it in the ingestionSpec (This can be implement later if we find useful and in addition, can be use in other places that requires passing password though config/api/insecure channel. - Good point. I agree. We can omit the "override" prefix. Since these new keys is part of the "inputSource", I do not think people will confuse it with other usage of s3 (since it is in the "inputSource" section). Anyhow, the "override" is not needed. - That's a good idea. I agree that in the future it might be necessary to support other properties of s3/cloud to make the ingestion more flexible (and since we already support taking in optional credentials, there is no reason architecturally not to support other properties).
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
