adutra commented on PR #422: URL: https://github.com/apache/polaris/pull/422#issuecomment-2457320776
I agree that we need to proceed carefully since it's a security-related issue. I'd note, fwiw, that Keycloak [allows to bootstrap the root credentials via environment variables](https://www.keycloak.org/docs/latest/server_admin/#creating-first-admin_server_administration_guide). I don't think we can suspect Keycloak of taking security lightly :-) In [another place of Keycloak docs](https://www.keycloak.org/server/configuration#_creating_the_initial_admin_user), we can learn more about how the environment variables are processed: > If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly. Couldn't we do something similar to that? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
