xuang7 commented on issue #4240: URL: https://github.com/apache/texera/issues/4240#issuecomment-4527047384
Thanks for the diagrams and PR, @Sentiaus. The connection and export flows look very clear. For the refresh tokens, I think the encryption key should come from an environment variable or a KMS. I'd suggest using a well-established encryption library, since it should be easier to implement correctly and more securely. We should also make sure the library's license is compatible with our project, such as Apache 2.0 or MIT. We may also consider encrypting the entire auth state as a single blob, including refresh_token, scope, and provider-specific metadata, rather than encrypting individual fields. This could keep the schema simpler. In the longer term, it would be nice to abstract the connection layer into a `CloudStorageProvider` interface so we can support other providers later. But I think it is also fine to focus on the Google Drive export direction first, since that is the main scope of this issue. For reference, this is how Airflow handles connections: https://airflow.apache.org/docs/apache-airflow/2.4.0/_api/airflow/models/connection/index.html. It may be useful as an example. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
