adutra commented on code in PR #841: URL: https://github.com/apache/polaris/pull/841#discussion_r1926738958
########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## @@ -23,114 +23,179 @@ type: docs weight: 600 --- -The default `polaris-server.yml` configuration is intended for development and testing. When deploying Polaris in production, there are several best practices to keep in mind. +## Tuning Polaris for Production -## Security +The default server configuration is intended for development and testing. When deploying Polaris in +production, there are several best practices to keep in mind. -### Configurations +Notable configuration options used to secure a Polaris deployment are outlined below. -Notable configuration used to secure a Polaris deployment are outlined below. +For more information on how to configure Polaris and what configuration options are available, +refer to the Configuration Reference page. -#### oauth2 +### Security -> [!WARNING] -> Ensure that the `tokenBroker` setting reflects the token broker specified in `authenticator` below. +Notable configuration options used to secure a Polaris deployment are outlined below. -* Configure [OAuth](https://oauth.net/2/) with this setting. Remove the `TestInlineBearerTokenPolarisAuthenticator` option and uncomment the `DefaultPolarisAuthenticator` authenticator option beneath it. -* Then, configure the token broker. You can configure the token broker to use either [asymmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTRSAKeyPair.java#L24) or [symmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTSymmetricKeyBroker.java#L23) keys. Review Comment: I will put the links back, although I'm generally not a fan of linking to source code. Users should know everything they need to know by reading the docs only. The latent issue with links to source code is that you either link to a blob, but then the blob will become outdated as time passes; or you link to the tip of a branch like `main`, but you risk having your link return 404 if the class is moved or deleted. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
