Hi Dmitri,

This is what I was saying in my other email. Anyway, I’m gonna update my PR with 
the changes I have made to get it working. The project won’t build because I 
haven’t updated the tests etc.; I just want to show my changes and see if we can 
agree on a direction before I make all the changes.

Thanks

Fabio




From: Dmitri Bourlatchkov <[email protected]>
Date: Monday, 20 October 2025 at 17:38
To: [email protected] <[email protected]>
Subject: [EXTERNAL]Re: KMS Key addition for s3

Hi Fabio, Ashok and All,

Apologies if I'm missing something obvious, but the two WIP KMS PRs [1424]
[2802] appear to be dealing only with AWS policies on the vended credential
session. They do not appear to deal with client configuration (in LoadTable
responses).

As far as I understand, Iceberg clients need certain FileIO properties to
be set in order to utilize KMS.

I'd imagine that Polaris ought to provide these FileIO properties in
LoadTable responses in addition to granting privileges for KMS access to
the vended (session) credentials.

In other words, the decision whether to use KMS rests with Polaris (we can
discuss how to configure that). If that is enabled, clients should not need
any extra configuration, they should get complete and usable
configuration + credentials from Polaris.

WDYT?

[1424] https://github.com/apache/polaris/pull/1424
[2802] https://github.com/apache/polaris/pull/2802

Thanks,
Dmitri.


On Mon, Oct 13, 2025 at 3:50 AM Rizzo Cascio, Fabio
<[email protected]> wrote:

> Hi guys,
>
> I have created a new PR to be able to use a KMS key for the S3 bucket. It
> is mandatory for me to use any S3 storage and hopefully a good addition for
> other people that want to use it.
>
> PR link: https://github.com/apache/polaris/pull/2802
>
> Thanks
>
> Fabio
>
> This message is confidential and subject to terms at:
> https://www.jpmorgan.com/emaildisclaimer including on confidential,
> privileged or legal entity information, malicious content and monitoring of
> electronic messages. If you are not the intended recipient, please delete
> this message and notify the sender immediately. Any unauthorized use is
> strictly prohibited.
>

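Added example, not part of the thread or of either PR: a check that the two halves Dmitri describes agree, i.e. that the LoadTable `config` tells the client to use SSE-KMS and that the vended session policy grants KMS access on the same key. The property names `s3.sse.type` and `s3.sse.key` are Iceberg S3FileIO names assumed here (the thread does not name them); the function name, key ARN, bucket and policy are constructed, and actions and resources are matched exactly, without IAM wildcard expansion.

```python
# Iceberg S3FileIO property names (an assumption; the thread does not name them).
SSE_TYPE, SSE_KEY = "s3.sse.type", "s3.sse.key"
# KMS actions a session needs to read and write SSE-KMS objects.
REQUIRED_KMS_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKey"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def kms_vending_gaps(load_table_response, session_policy):
    """Return a list of problems; an empty list means both halves agree."""
    gaps = []
    config = load_table_response.get("config", {})
    key_arn = config.get(SSE_KEY)
    if config.get(SSE_TYPE) != "kms":
        gaps.append(f"config lacks {SSE_TYPE}=kms")
    if not key_arn:
        gaps.append(f"config lacks {SSE_KEY}")
        return gaps  # without a key there is nothing to match the policy against
    granted = set()
    for stmt in _as_list(session_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        actions = set(_as_list(stmt.get("Action", [])))
        if "*" in resources and actions & REQUIRED_KMS_ACTIONS:
            gaps.append("KMS actions granted on Resource '*' instead of the key")
        if key_arn in resources:  # exact ARN match only
            granted |= actions
    missing = REQUIRED_KMS_ACTIONS - granted
    if missing:
        gaps.append(f"session policy lacks {sorted(missing)} on {key_arn}")
    return gaps


# Constructed sample data (not taken from either PR).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/warehouse/*"},
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
     "Resource": KEY}]}
POLICY_ONLY = {"config": {"s3.access-key-id": "EXAMPLE"}}  # policy set, client config not
COMPLETE = {"config": {SSE_TYPE: "kms", SSE_KEY: KEY}}

if __name__ == "__main__":
    print(kms_vending_gaps(POLICY_ONLY, POLICY))
    print(kms_vending_gaps(COMPLETE, POLICY))
```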