fresh-borzoni opened a new pull request, #3658:
URL: https://github.com/apache/fluss/pull/3658
Today a secret in server.yaml (catalog OAuth creds, SASL passwords) can only
be a literal and so the whole file becomes sensitive, and on K8s you end up
rendering it through an init container just to inject one value.
This adds a Kafka-style ConfigProvider SPI: a value can be a marker that
Fluss dereferences at load time, so the config file only ever holds pointers.
```
config.providers: directory
config.providers.directory.param.allowed.paths: /etc/fluss/secrets
datalake.paimon.oauth.token: ${directory:/etc/fluss/secrets:oauth-token}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]