andersonm-ibm commented on pull request #4080: URL: https://github.com/apache/iceberg/pull/4080#issuecomment-1034880588
> > Why can't it be used in production, and what if I want to use it in production? Can you help me understand?
> > @andersonm-ibm
> >
> > Hi @liujinhui1994. This can be used as the basis for the production-grade KMS client. However, some of the reasons for this not being production-ready, in no specific order:
> >
> > * We won't be supporting changes in Vault API, which might break this client, or maintaining different versions of this client
> > * More flexibility might be needed in the definition of the path to the transit engine, which in this example is hardcoded to "/v1/transit"
> > * The final decision on how to pass the access token might depend on the production environment and company policies
> > * Error handling can be made more tailored to specific use cases. For example, if you need to differentiate the cases where Vault doesn't grant access to the keys, then you would define a specific exception
> > * More rigorous testing would be required to cover all the scenarios relevant to a production environment

And, of course, a large and important missing part here is token lifecycle management. It would be interesting to hear about various usage scenarios in order to understand which token lifecycle events to support.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
