eric-maynard commented on PR #422: URL: https://github.com/apache/polaris/pull/422#issuecomment-2489480499
+1 @dimas-b, I think this is a partial fix for that problem. However we probably shouldn't allow bootstrapping _without_ specifying credentials if the intent is that users can retrieve secrets from the metastore but we no longer put them in the metastore. I still think we can merge this as-is and follow up with that potential restriction. Other possibilities: 1. Make EclipseLink boostrap print secrets like in-memory bootstrap does 2. Make it so that we persist plaintext secrets for primary secrets but not secondary secrets 3. Hack #438 so that (2) applies only to root's first-time secret, and enforce rotation on root Any preferences @dimas-b / @collado-mike ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
