Hi All, I have a tangential question: Is it even possible to configure Apache Polaris to perform credential vending for Federated or External catalogs in a realistic deployment (i.e. not in-memory)?
I do not mean it as a tricky question :) just trying to understand the scope of this problem... So if anyone has answers / pointers, please share. For example, for remote Iceberg REST Catalogs I was only able to find this provider of connection credentials: UnsafeInMemorySecretsManager... perhaps I missed something. Thanks, Dmitri. On Thu, Feb 5, 2026 at 11:21 AM Alexandre Dutra <[email protected]> wrote: > Hi all, > > I noticed today that we have two very similar feature flags: > > - ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING > - ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING > > Each flag is only used in one location each: [1] [2]. > > Additionally, the second feature flag uses an ambiguous catalog > property name: "polaris.config.enable.credential.vending". It > misleadingly suggests it works for internal catalogs as well. > > I therefore propose two improvements: > > 1) Would it be acceptable to merge these two seemingly redundant > feature flags? Or could someone explain why we need both? > > 2) If not, should we rename the above property to e.g. > "polaris.config.allow-external-catalogs-credential-vending" for > greater clarity (and deprecate the old one)? > > Thanks, > Alex > > [1]: > https://github.com/apache/polaris/blob/a2418c8711dca10a22ebfaef20a3b5cec2057fa5/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java#L1305-L1317 > > [2]: > https://github.com/apache/polaris/blob/a2418c8711dca10a22ebfaef20a3b5cec2057fa5/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java#L854 >
