eric-maynard commented on code in PR #841: URL: https://github.com/apache/polaris/pull/841#discussion_r1927460674
########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## @@ -23,114 +23,179 @@ type: docs weight: 600 --- -The default `polaris-server.yml` configuration is intended for development and testing. When deploying Polaris in production, there are several best practices to keep in mind. +## Tuning Polaris for Production -## Security +The default server configuration is intended for development and testing. When deploying Polaris in +production, there are several best practices to keep in mind. -### Configurations +Notable configuration options used to secure a Polaris deployment are outlined below. -Notable configuration used to secure a Polaris deployment are outlined below. +For more information on how to configure Polaris and what configuration options are available, +refer to the Configuration Reference page. -#### oauth2 +### Security -> [!WARNING] -> Ensure that the `tokenBroker` setting reflects the token broker specified in `authenticator` below. +Notable configuration options used to secure a Polaris deployment are outlined below. -* Configure [OAuth](https://oauth.net/2/) with this setting. Remove the `TestInlineBearerTokenPolarisAuthenticator` option and uncomment the `DefaultPolarisAuthenticator` authenticator option beneath it. -* Then, configure the token broker. You can configure the token broker to use either [asymmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTRSAKeyPair.java#L24) or [symmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTSymmetricKeyBroker.java#L23) keys. Review Comment: I thought we had it on the webpage, but it looks like we don't. Bummer. To solve the issue with a 404, we could link to either a commit or a release branch. But also, if main changes to a degree that the interface changes, then the docs should be updated at that time as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
