adutra commented on PR #4696: URL: https://github.com/apache/polaris/pull/4696#issuecomment-4681732751
> catalogs typically carry static credentials (`s3.access-key-id` / `s3.secret-access-key`) as catalog properties. Isn't this a bad practice? In the [REST Federation](https://polaris.apache.org/releases/1.5.0/federation/iceberg-rest-federation/) doc page, we say: > Catalog properties are returned to authenticated catalog clients as part of the Iceberg REST /config response. Only place non-sensitive client configuration in catalog properties. Do not put passwords, tokens, access keys, or other secrets into catalog properties. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
