prestodb/presto

Pluggable Secret Management Logic in Presto

Open

#19.055 aperta il 14 feb 2023

Vedi su GitHub
 (4 commenti) (0 reazioni) (0 assegnatari)Java (5240 fork)batch import
Securityenhancementgood first issue

Metriche repository

Star
 (15.558 star)
Metriche merge PR
 (Merge medio 34g 14h) (120 PR mergiate in 30 g)

Descrizione

Another requirement which is really important for us to use Presto in production grade scenarios especially under the light of all audit and compliance requirements

Currently when you have a connector all the creds are stored in the usual way and its not protected

We need a a way to load secrets to presto

a) During startup b) On failure if connector needs ( especially if the secret is rotated etc) c) May be when we get events from secret management systems

Example for secret management system may be.

a) https://aws.amazon.com/secrets-manager/ b) https://www.ibm.com/cloud/secrets-manager

This could be a new plugin type and probably when the catalogues are loaded - corresponding secrets could also be loaded

Roughly interface could look like below for the new plugin


package com.facebook.presto.spi.security;

import java.util.Map;

public interface SecretsManager
{
    Map<String, String> fetchSecrets();
}

But before going this route I would like to get help from community on seeing any existing way of solving this problem

Else I would request kindly to consider this requirement

Guida contributor