eric-maynard commented on issue #1516: URL: https://github.com/apache/polaris/issues/1516#issuecomment-2851864047
Hey @chenyue9713, the way this is meant to work in production is indeed that the Polaris server can update its AWS credentials without a restart. The env variable method for getting credentials onto the credential chain would not be recommended in production, though it's useful for testing. This feature doesn't make sense for me for a different reason than what @adnanhemani mentioned. Fundamentally, the server is responsible for managing credentials and supplying them (after subscoping) to the Iceberg client. It doesn't make sense for the Iceberg client to update the credentials on the server. The `StorageConfigInfo` implementations intentionally don't contain credentials for the reason that @adnanhemani mentioned. We don't storage any credentials there long-lived or otherwise and storage credentials never land in persistence as a result. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
