[object-store]: Implement credential_process support for S3 #6422
Labels
enhancement
Any new improvement worthy of a entry in the changelog
Comments
edmondop
added
the
enhancement
|
@alamb since the linked PR is closed, can we mark this as closed? |
|
This is new, and although related to the linked issues, it is not closed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Credential process is a flexible solution for providing custom authentication mechanisms for object store. It is described as a part of the AWS SDK documentation and implementing it would allow more complex use cases to be fully supported by the current setup, without adding particular complexity.
How does it work?
When user decides to use the credential process, when a client needs credentials it invokes the process, which replies with a defined schema like so:
{ "Version": 1, "AccessKeyId": "an AWS access key", "SecretAccessKey": "your AWS secret access key", "SessionToken": "the AWS session token for temporary credentials", "Expiration": "RFC3339 timestamp for when the credentials expire" }The client knows when the expiration will occur, and will re-invoke the process when required.
What can we do?
We can then extend the AmazonS3Builder to support this use case via an environment variable
The text was updated successfully, but these errors were encountered: