mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-27 20:05:10 +00:00
1f9f43d267
This PR extends the KMS host to support temporary AWS security credentials provided externally via the Scylla configuration file, environment variables, or the AWS credentials file. The KMS host already supports: * Temporary credentials obtained automatically from the EC2 instance metadata service or via IAM role assumption. * Long-term credentials provided externally via configuration, environment, or the AWS credentials file. This PR is about temporary credentials that are external, i.e., not generated by Scylla. Such credentials may be issued, for example, through identity federation (e.g., Okta + gimme-aws-creds). External temporary credentials are useful for short-lived tasks like local development, debugging corrupted SSTables with `scylla-sstable`, or other local testing scenarios. These credentials are temporary and cannot be refreshed automatically, so this method is not intended for production use. Documentation has been updated to mention these additional credential sources. Fixes #22470. New feature, no backport is needed. Closes scylladb/scylladb#22465 * github.com:scylladb/scylladb: doc: Expose new `aws_session_token` option for KMS hosts kms_host: Support authn with temporary security credentials encryption_config: Mention environment in credential sources for KMS
