Story, design and implementation for secrets management #776
Labels
enhancement
New feature or request
Comments
|
There some prior art that could serve as a source for thoughts: https://projectnessie.org/nessie-latest/configuration/#secrets-manager-settings |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Polaris does requires secrets like storage credentials and access credentials for remote systems.
Those secrets can currently only be configured statically via the configuration or persisted, latter is rather static as well. Also, secrets are currently persisted in various very different ways / property keys.
It would be much better to have a consistent way to access secrets and (let them) manage those in a secure way. At best, secrets would not even be stored in Polaris, but managed by trusted secrets managers.
All secrets should be considered "ephemeral" - meaning: secrets can be rotated at any time without even noticing Polaris. Already assuming in the design that secrets can be rotated at any without being noticed makes it easier for users and system integrators.
Describe the solution you'd like
No response
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: