catalog properties to use secrets

[yshtein]

hi

i have this catalog:

lakehouse.properties: | connector.name=iceberg iceberg.catalog.type=glue hive.metastore.glue.region=us-east-1 hive.metastore.glue.endpoint-url=https://glue.us-east-1.amazonaws.com iceberg.file-format=PARQUET hive.metastore.glue.aws-access-key=${TRINO_AWS_ACCESS_KEY} hive.metastore.glue.aws-secret-key=${TRINO_AWS_SECRET_KEY}

and I'm trying to replace the glue.aws-access-key/-secret-key. from secerts but with no success

I successfully created a sidecar that mounts mnt/trino/catalog/lakehouse.properties and then changed the hive.metastore.glue.aws-access-key to the real access keys but I cannot make Trino to use this mount because look like it only uses the etc/trino path

is there any other way to "make" trino use the "mnt/trino" path as well ? or any other way to use the above not as hard coded but as secret

thanks

@electrum @martint @uzzz @dain

[daveoy]

Try using env variables for these.

Your syntax is close, you just need to prefix your variable names there: ${ENV:variable-name}

Then all you need to do is make sure you add the env vars with secret refs to the env: section of your values file.