Configuration Reference
This document provides a comprehensive reference for all Polaris configuration options.
All properties listed here are runtime properties and can be changed without rebuilding Polaris.
Table of Contentsπ
- Features & Behavior
- Authentication & Authorization
- Storage & Credentials
- Persistence
- Events
- Operational
- Other
Features & Behaviorπ
polaris.featuresπ
Feature configurations for Polaris. These are stable, user-facing settings.
polaris.features."ADD_TRAILING_SLASH_TO_LOCATION"π
When set, the base location for a table or namespace will have / added as a suffix if not present
- Type:
Boolean - Default:
true - Catalog Config:
polaris.config.add-trailing-slash-to-location
polaris.features."ALLOW_DROPPING_NON_EMPTY_PASSTHROUGH_FACADE_CATALOG"π
If enabled, allow dropping a passthrough-facade catalog even if it contains namespaces or tables. passthrough-facade catalogs may contain leftover entities when syncing with source catalog.In the short term these entities will be ignored, in the long term there will be method/background job to clean them up.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.allow-dropping-non-empty-passthrough-facade-catalog
polaris.features."ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING"π
If set to true, allow credential vending for external catalogs.
- Type:
Boolean - Default:
true - Catalog Config:
polaris.config.enable.credential.vending
polaris.features."ALLOW_EXTERNAL_METADATA_FILE_LOCATION"π
If set to true, allows metadata files to be located outside the default metadata directory.
- Type:
Boolean - Default:
false
polaris.features."ALLOW_EXTERNAL_TABLE_LOCATION"π
If set to true, allows tables to have external locations outside the default structure.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.allow.external.table.location
polaris.features."ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING"π
If set to true (default), allow credential vending for external catalogs. Note this requires ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING to be true first.
- Type:
Boolean - Default:
true - Catalog Config:
polaris.config.allow-federated-catalogs-credential-vending
polaris.features."ALLOW_INSECURE_STORAGE_TYPES"π
Allow usage of FileIO implementations that are considered insecure. Enabling this setting may expose the service to possibly severe security risks! This should only be set to ’true’ for tests!
- Type:
Boolean - Default:
false
polaris.features."ALLOW_NAMESPACE_LOCATION_OVERLAP"π
If set to true, allow one namespace’s location to reside within another namespace’s location. This is only enforced within a parent catalog or namespace.
- Type:
Boolean - Default:
false
polaris.features."ALLOW_OPTIMIZED_SIBLING_CHECK"π
When set to true, Polaris will permit enabling the feature OPTIMIZED_SIBLING_CHECK for catalogs, this is done to prevent accidental enabling the feature in cases such as schema migrations, without backfill and hence leading to potential data integrity issues. This will be removed in 2.0.0 when polaris ships with the necessary migrations to backfill the index.
- Type:
Boolean - Default:
false
polaris.features."ALLOW_OVERLAPPING_CATALOG_URLS"π
If set to true, allows catalog URLs to overlap.
- Type:
Boolean - Default:
false
polaris.features."ALLOW_SETTING_S3_ENDPOINTS"π
If set to true (default), Polaris will permit S3 storage configurations to have custom endpoints. If set to false, Polaris will not accept catalog create and update requests that contain S3 endpoint properties.
- Type:
Boolean - Default:
true
polaris.features."ALLOW_SETTING_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS"π
If set to true (default), Polaris will allow setting or changing catalog property polaris.config.enable-sub-catalog-rbac-for-federated-catalogs.If set to false, Polaris will disallow setting or changing the above catalog property
- Type:
Boolean - Default:
true
polaris.features."ALLOW_SPECIFYING_FILE_IO_IMPL"π
Config key for whether to allow setting the FILE_IO_IMPL using catalog properties. Must only be enabled in dev/test environments, should not be in production systems.
- Type:
Boolean - Default:
false
polaris.features."ALLOW_TABLE_LOCATION_OVERLAP"π
If set to true, allow one table’s location to reside within another table’s location. This is only enforced within a given namespace.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.allow.overlapping.table.location
polaris.features."ALLOW_UNSTRUCTURED_TABLE_LOCATION"π
If set to true, allows unstructured table locations.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.allow.unstructured.table.location
polaris.features."ALLOW_WILDCARD_LOCATION"π
Indicates whether asterisks (’*’) in configuration values defining allowed storage locations are processed as meaning ‘any location’.
- Type:
Boolean - Default:
false
polaris.features."AZURE_RETRY_COUNT"π
Number of retry attempts for Azure API requests. Uses exponential backoff with jitter to handle transient failures.
- Type:
Integer - Default:
3
polaris.features."AZURE_RETRY_DELAY_MILLIS"π
Initial delay in milliseconds before first retry for Azure API requests. Delay doubles with each retry (exponential backoff).
- Type:
Integer - Default:
2000
polaris.features."AZURE_RETRY_JITTER_FACTOR"π
Jitter factor (0.0 to 1.0) applied to retry delays for Azure API requests. The jitter is applied as a random percentage of the computed exponential backoff delay. For example, 0.5 means up to 50%% random jitter will be added to each retry delay. Helps prevent thundering herd when multiple requests fail simultaneously.
- Type:
Double - Default:
0.5
polaris.features."AZURE_TIMEOUT_MILLIS"π
Timeout in milliseconds for Azure API requests. Prevents indefinite blocking when Azure endpoints are slow or unresponsive. Used internally by Azure storage integration for credential vending and other operations.
- Type:
Integer - Default:
15000
polaris.features."CLEANUP_ON_CATALOG_DROP"π
If set to true, clean up data when a catalog is dropped
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.cleanup.on.catalog.drop
polaris.features."CLEANUP_ON_NAMESPACE_DROP"π
If set to true, clean up data when a namespace is dropped
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.cleanup.on.namespace.drop
polaris.features."DEFAULT_LOCATION_OBJECT_STORAGE_PREFIX_ENABLED"π
When enabled, Iceberg tables and views created without a location specified will have a prefix applied to the location within the catalog’s base location, rather than a location directly inside the parent namespace. Note that this requires ALLOW_EXTERNAL_TABLE_LOCATION to be enabled, but with OPTIMIZED_SIBLING_CHECK enabled it is still possible to enforce the uniqueness of table locations within a catalog.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.default-table-location-object-storage-prefix.enabled
polaris.features."DROP_WITH_PURGE_ENABLED"π
If set to true, allows tables to be dropped with the purge parameter set to true.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.drop-with-purge.enabled
polaris.features."ENABLE_CATALOG_FEDERATION"π
If true, allows creating and using ExternalCatalogs containing ConnectionConfigInfos to perform federation to remote catalogs.
- Type:
Boolean - Default:
false
polaris.features."ENABLE_CREDENTIAL_RESET"π
Flag to enable or disable the API to reset principal credentials. Defaults to enabled, but service providers may want to disable it.
- Type:
Boolean - Default:
true
polaris.features."ENABLE_FINE_GRAINED_UPDATE_TABLE_PRIVILEGES"π
When true, enables finer grained update table privileges which are passed to the authorizer for update table operations
- Type:
Boolean - Default:
true - Catalog Config:
polaris.config.enable-fine-grained-update-table-privileges
polaris.features."ENABLE_GENERIC_TABLES"π
If true, the generic-tables endpoints are enabled
- Type:
Boolean - Default:
true
polaris.features."ENABLE_POLICY_STORE"π
If true, the policy-store endpoints are enabled
- Type:
Boolean - Default:
true
polaris.features."ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS"π
When enabled, allows RBAC operations to create synthetic entities for entities in federated catalogs that don’t exist in the local metastore.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.enable-sub-catalog-rbac-for-federated-catalogs
polaris.features."ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING"π
If set to true, require that principals must rotate their credentials before being used for anything else.
- Type:
Boolean - Default:
false
polaris.features."ENTITY_CACHE_WEIGHER_TARGET"π
The maximum weight for the entity cache. This is a heuristic value without any particular unit of measurement. It roughly correlates with the total heap size of cached values. Fine-tuning requires experimentation in the specific deployment environment
- Type:
Long - Default:
104857600
polaris.features."ICEBERG_COMMIT_MAX_RETRIES"π
The max number of times to try committing to an Iceberg table
- Type:
Integer - Default:
4 - Catalog Config:
polaris.config.iceberg-commit-max-retries
polaris.features."ICEBERG_ROLLBACK_COMPACTION_ON_CONFLICTS"π
Rollback replace snapshots created by compaction which have polaris.internal.conflict-resolution.by-operation-type.replace property set to rollback in their snapshot summary
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.rollback.compaction.on-conflicts.enabled
polaris.features."INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL"π
If set to true, principal name will be included in temporary subscoped credentials. Currently only AWS credentials are supported for which session name of the generated credentials will look like ‘polaris-
- Type:
Boolean - Default:
false
polaris.features."INCLUDE_SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL"π
If set to true, session tags (catalog, namespace, table, principal, roles) will be included in AWS STS AssumeRole requests for credential vending. These tags appear in CloudTrail events, enabling correlation between catalog operations and S3 data access. Requires the IAM role trust policy to allow sts:TagSession action. Note that enabling this feature may lead to degradation in temporary credential caching as catalog will no longer be able to reuse credentials for different tables/namespaces/roles.
- Type:
Boolean - Default:
false
polaris.features."INCLUDE_TRACE_ID_IN_SESSION_TAGS"π
If set to true (and INCLUDE_SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL is also true), the OpenTelemetry trace ID will be included as a session tag in AWS STS AssumeRole requests. This enables end-to-end correlation between catalog operations (Polaris events), credential vending (CloudTrail), and metrics reports from compute engines. WARNING: Enabling this feature completely disables credential caching because every request has a unique trace ID. This may significantly increase latency and STS API costs. Consider leaving this disabled unless end-to-end tracing correlation is critical.
- Type:
Boolean - Default:
false
polaris.features."LIST_PAGINATION_ENABLED"π
If set to true, pagination for APIs like listTables is enabled.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.list-pagination-enabled
polaris.features."MAX_METADATA_REFRESH_RETRIES"π
How many times to retry refreshing metadata when the previous error was retryable
- Type:
Integer - Default:
2
polaris.features."OPTIMIZED_SIBLING_CHECK"π
When set, an index is used to perform the sibling check between tables, views, and namespaces. New locations will be checked against previous ones based on components, so the new location /foo/bar/ will check for a sibling at /, /foo/ and /foo/bar/%. In order for this check to be correct, locations should end with a slash. See ADD_TRAILING_SLASH_TO_LOCATION for a way to enforce this when new locations are added. Only supported by the JDBC metastore.
- Type:
Boolean - Default:
false
polaris.features."POLARIS_TASK_TIMEOUT_MILLIS"π
Polaris task expiry timeout (milliseconds). Older unfinished tasks may not be processed.
- Type:
Long - Default:
300000
polaris.features."PURGE_VIEW_METADATA_ON_DROP"π
If set to true, Polaris will attempt to delete view metadata files when a view is dropped.
- Type:
Boolean - Default:
true - Catalog Config:
polaris.config.purge-view-metadata-on-drop
polaris.features."RESOLVE_CREDENTIALS_BY_STORAGE_NAME"π
If set to true, resolve AWS credentials based on the storageName field of the storage configuration. When disabled, the default AWS credentials are used for all storages.
- Type:
Boolean - Default:
false
polaris.features."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION"π
If set to true, skip credential-subscoping indirection entirely whenever trying to obtain storage credentials for instantiating a FileIO. If ’true’, no attempt is made to use StorageConfigs to generate table-specific storage credentials, but instead the default fallthrough of table-level credential properties or else provider-specific APPLICATION_DEFAULT credential-loading will be used for the FileIO. Typically this setting is used in single-tenant server deployments that don’t rely on “credential-vending” and can use server-default environment variables or credential config files for all storage access, or in test/dev scenarios.
- Type:
Boolean - Default:
false
polaris.features."STORAGE_CREDENTIAL_CACHE_DURATION_SECONDS"π
How long to store storage credentials in the local cache. This should be less than STORAGE_CREDENTIAL_DURATION_SECONDS
- Type:
Integer - Default:
1800
polaris.features."STORAGE_CREDENTIAL_DURATION_SECONDS"π
The duration of time that vended storage credentials are valid for. Support for longer (or shorter) durations is dependent on the storage provider. GCS current does not respect this value.
- Type:
Integer - Default:
3600
polaris.features."SUPPORTED_CATALOG_CONNECTION_TYPES"π
The list of supported catalog connection types for federation
- Type:
List<String> - Default:
[ICEBERG_REST]
polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"π
The list of supported storage types for a catalog
- Type:
List<String> - Default:
[S3, AZURE, GCS] - Catalog Config:
polaris.config.supported.storage.types
polaris.features."SUPPORTED_EXTERNAL_CATALOG_AUTHENTICATION_TYPES"π
The list of supported authentication types for catalog federation
- Type:
List<String> - Default:
[OAUTH, BEARER, SIGV4]
polaris.features."TABLE_METADATA_CLEANUP_BATCH_SIZE"π
Metadata batch size for tasks that clean up dropped tables’ files.
- Type:
Integer - Default:
10
polaris.behavior-changesπ
Internal behavior change configurations. These are unstable and may be removed.
polaris.behavior-changes."ALLOW_NAMESPACE_CUSTOM_LOCATION"π
If set to true, allow namespaces with completely arbitrary locations. This should not affect credential vending.
- Type:
Boolean - Default:
false - Catalog Config:
polaris.config.namespace-custom-location.enabled
polaris.behavior-changes."ENTITY_CACHE_SOFT_VALUES"π
Whether or not to use soft values in the entity cache
- Type:
Boolean - Default:
false
polaris.behavior-changes."SCHEMA_VERSION_FALL_BACK_ON_DNE"π
If set to true, exceptions encountered while loading the VERSION table which appear to be caused by the VERSION table not existing will be interpreted as meaning that the schema version is currently 0.
- Type:
Boolean - Default:
true
polaris.behavior-changes."STORAGE_CONFIGURATION_MAX_LOCATIONS"π
How many locations can be associated with a storage configuration, or -1 for unlimited locations
- Type:
Integer - Default:
-1
polaris.behavior-changes."TABLE_OPERATIONS_MAKE_METADATA_CURRENT_ON_COMMIT"π
If true, BasePolarisTableOperations should mark the metadata that is passed into commit as current, and reuse it to skip a trip to object storage to re-construct the committed metadata again.
- Type:
Boolean - Default:
true
polaris.behavior-changes."VALIDATE_VIEW_LOCATION_OVERLAP"π
If true, validate that view locations don’t overlap when views are created
- Type:
Boolean - Default:
true
Authentication & Authorizationπ
polaris.authenticationπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.authentication.type | internal | INTERNAL, EXTERNAL, MIXED | The type of authentication to use. |
polaris.authentication.authenticator.type | default | string | The type of the identity provider. Must be a registered (Authenticator) identifier. |
polaris.authentication.token-service.type | default | string | The type of the OAuth2 service. Must be a registered (IcebergRestOAuth2ApiService) identifier. |
polaris.authentication.token-broker.max-token-generation | PT1H | duration | The maximum token duration. |
polaris.authentication.token-broker.type | rsa-key-pair | string | The type of the token broker factory. Must be a registered (TokenBrokerFactory) identifier. |
polaris.authentication.token-broker.rsa-key-pair.public-key-file | path | The path to the public key file. | |
polaris.authentication.token-broker.rsa-key-pair.private-key-file | path | The path to the private key file. | |
polaris.authentication.token-broker.symmetric-key.secret | string | The secret to use for both signing and verifying signatures. Either this option of (#file()) must be provided. | |
polaris.authentication.token-broker.symmetric-key.file | path | The file to read the secret from. Either this option of (#secret()) must be provided. | |
polaris.authentication.<realm>.type | internal | INTERNAL, EXTERNAL, MIXED | The type of authentication to use. |
polaris.authentication.<realm>.authenticator.type | default | string | The type of the identity provider. Must be a registered (Authenticator) identifier. |
polaris.authentication.<realm>.token-service.type | default | string | The type of the OAuth2 service. Must be a registered (IcebergRestOAuth2ApiService) identifier. |
polaris.authentication.<realm>.token-broker.max-token-generation | PT1H | duration | The maximum token duration. |
polaris.authentication.<realm>.token-broker.type | rsa-key-pair | string | The type of the token broker factory. Must be a registered (TokenBrokerFactory) identifier. |
polaris.authentication.<realm>.token-broker.rsa-key-pair.public-key-file | path | The path to the public key file. | |
polaris.authentication.<realm>.token-broker.rsa-key-pair.private-key-file | path | The path to the private key file. | |
polaris.authentication.<realm>.token-broker.symmetric-key.secret | string | The secret to use for both signing and verifying signatures. Either this option of (#file()) must be provided. | |
polaris.authentication.<realm>.token-broker.symmetric-key.file | path | The file to read the secret from. Either this option of (#secret()) must be provided. |
polaris.authorizationπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.authorization.type | internal | string |
polaris.authorization.opaπ
Configuration for OPA (Open Policy Agent) authorization.
Beta Feature: OPA authorization is currently in Beta and is not a stable release. It may undergo breaking changes in future versions. Use with caution in production environments.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.authorization.opa.policy-uri | uri | ||
polaris.authorization.opa.auth.type | none | NONE, BEARER | Type of authentication |
polaris.authorization.opa.auth.bearer.static-token.value | string | Static bearer token value | |
polaris.authorization.opa.auth.bearer.file-based.path | path | Path to file containing bearer token | |
polaris.authorization.opa.auth.bearer.file-based.refresh-interval | duration | How often to refresh file-based bearer tokens (defaults to 5 minutes if not specified) | |
polaris.authorization.opa.auth.bearer.file-based.jwt-expiration-refresh | boolean | Whether to automatically detect JWT tokens and use their ’exp’ field for refresh timing. If true and the token is a valid JWT with an ’exp’ claim, the token will be refreshed based on the expiration time minus the buffer, rather than the fixed refresh interval. Defaults to true if not specified. | |
polaris.authorization.opa.auth.bearer.file-based.jwt-expiration-buffer | duration | Buffer time before JWT expiration to refresh the token. Only used when jwtExpirationRefresh is true and the token is a valid JWT. Defaults to 1 minute if not specified. | |
polaris.authorization.opa.http.timeout | PT2S | duration | |
polaris.authorization.opa.http.verify-ssl | true | boolean | |
polaris.authorization.opa.http.trust-store-path | path | ||
polaris.authorization.opa.http.trust-store-password | string |
polaris.oidcπ
Polaris-specific configuration for OIDC tenants.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.oidc.principal-mapper.id-claim-path | string | The path to the claim that contains the principal ID. Nested paths can be expressed using “/” as a separator, e.g. "resource_access/client1/roles" would look for the “roles” field inside the “client1” object inside the “resource_access” object in the token claims.Optional. Either this option or ( #nameClaimPath()) must be provided. | |
polaris.oidc.principal-mapper.name-claim-path | string | The claim that contains the principal name. Nested paths can be expressed using “/” as a separator, e.g. "resource_access/client1/roles" would look for the “roles” field inside the “client1” object inside the “resource_access” object in the token claims.Optional. Either this option or ( #idClaimPath()) must be provided. | |
polaris.oidc.principal-mapper.type | default | string | The type of the principal mapper. Must be a registered (org.apache.polaris.service.auth.external.mapping.PrincipalMapper) identifier. |
polaris.oidc.principal-roles-mapper.type | default | string | The type of the principal roles mapper. Must be a registered (org.apache.polaris.service.auth.external.mapping.PrincipalRolesMapper) identifier. |
polaris.oidc.principal-roles-mapper.filter | string | A regular expression that matches the role names in the identity. Only roles that match this regex will be included in the Polaris-specific roles. | |
polaris.oidc.principal-roles-mapper.mappings | list of | A list of regex mappings that will be applied to each role name in the identity. | |
polaris.oidc.principal-roles-mapper.mappings.regex | string | A regular expression that will be applied to each role name in the identity. Along with (#replacement()), this regex is used to transform the role names in the identity into Polaris-specific roles. | |
polaris.oidc.principal-roles-mapper.mappings.replacement | string | The replacement string for the role names in the identity. This is used along with (#regex()) to transform the role names in the identity into Polaris-specific roles. | |
polaris.oidc.<tenant>.principal-mapper.id-claim-path | string | The path to the claim that contains the principal ID. Nested paths can be expressed using “/” as a separator, e.g. "resource_access/client1/roles" would look for the “roles” field inside the “client1” object inside the “resource_access” object in the token claims.Optional. Either this option or ( #nameClaimPath()) must be provided. | |
polaris.oidc.<tenant>.principal-mapper.name-claim-path | string | The claim that contains the principal name. Nested paths can be expressed using “/” as a separator, e.g. "resource_access/client1/roles" would look for the “roles” field inside the “client1” object inside the “resource_access” object in the token claims.Optional. Either this option or ( #idClaimPath()) must be provided. | |
polaris.oidc.<tenant>.principal-mapper.type | default | string | The type of the principal mapper. Must be a registered (org.apache.polaris.service.auth.external.mapping.PrincipalMapper) identifier. |
polaris.oidc.<tenant>.principal-roles-mapper.type | default | string | The type of the principal roles mapper. Must be a registered (org.apache.polaris.service.auth.external.mapping.PrincipalRolesMapper) identifier. |
polaris.oidc.<tenant>.principal-roles-mapper.filter | string | A regular expression that matches the role names in the identity. Only roles that match this regex will be included in the Polaris-specific roles. | |
polaris.oidc.<tenant>.principal-roles-mapper.mappings | list of | A list of regex mappings that will be applied to each role name in the identity. | |
polaris.oidc.<tenant>.principal-roles-mapper.mappings.regex | string | A regular expression that will be applied to each role name in the identity. Along with (#replacement()), this regex is used to transform the role names in the identity into Polaris-specific roles. | |
polaris.oidc.<tenant>.principal-roles-mapper.mappings.replacement | string | The replacement string for the role names in the identity. This is used along with (#regex()) to transform the role names in the identity into Polaris-specific roles. | |
polaris.oidc.tenant-resolver.type | default | string | The type of the OIDC tenant resolver. Must be a registered (OidcTenantResolver) implementation. |
polaris.service-identityπ
Configuration interface for managing service identities across multiple realms in Polaris.
A service identity represents the Polaris service itself when it needs to authenticate to external systems (e.g., AWS services for SigV4 authentication). Each realm can configure its own set of service identities for different cloud providers.
This interface supports multi-tenant deployments where each realm (tenant) can have distinct service identities, as well as single-tenant deployments with a default configuration shared across all catalogs.
Configuration is loaded from polaris.service-identity.* properties at startup and includes credentials that Polaris uses to assume customer-provided roles when accessing federated catalogs.
Example Configuration:
# Default service identity (used when no realm-specific configuration exists)
polaris.service-identity.aws-iam.iam-arn=arn:aws:iam::123456789012:user/polaris-default-user
# Optional: provide static credentials, or omit to use AWS default credential chain
polaris.service-identity.aws-iam.access-key-id=<access-key-id>
polaris.service-identity.aws-iam.secret-access-key=<secret-access-key>
polaris.service-identity.aws-iam.session-token=<optional-session-token>
# Realm-specific service identity for multi-tenant deployments
polaris.service-identity.my-realm.aws-iam.iam-arn=arn:aws:iam::123456789012:user/my-realm-user
polaris.service-identity.my-realm.aws-iam.access-key-id=<access-key-id>
polaris.service-identity.my-realm.aws-iam.secret-access-key=<secret-access-key>
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.service-identity.aws-iam.iam-arn | string | The IAM role or user ARN representing the service identity. If not provided, Polaris won’t surface it in the catalog identity. | |
polaris.service-identity.aws-iam.access-key-id | string | Optional AWS access key ID associated with the IAM identity. If not provided, the AWS default credential chain will be used. | |
polaris.service-identity.aws-iam.secret-access-key | string | Optional AWS secret access key associated with the IAM identity. If not provided, the AWS default credential chain will be used. | |
polaris.service-identity.aws-iam.session-token | string | Optional AWS session token associated with the IAM identity. If not provided, the AWS default credential chain will be used. | |
polaris.service-identity.<realm>.aws-iam.iam-arn | string | The IAM role or user ARN representing the service identity. If not provided, Polaris won’t surface it in the catalog identity. | |
polaris.service-identity.<realm>.aws-iam.access-key-id | string | Optional AWS access key ID associated with the IAM identity. If not provided, the AWS default credential chain will be used. | |
polaris.service-identity.<realm>.aws-iam.secret-access-key | string | Optional AWS secret access key associated with the IAM identity. If not provided, the AWS default credential chain will be used. | |
polaris.service-identity.<realm>.aws-iam.session-token | string | Optional AWS session token associated with the IAM identity. If not provided, the AWS default credential chain will be used. |
Storage & Credentialsπ
polaris.storageπ
Configuration interface containing parameters for clients accessing S3 services from Polaris servers.
Currently, this configuration does not apply to all of Polaris code, but only to select services.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.storage.aws.access-key | string | The AWS access key to use for authentication. If not present, the default credentials provider chain will be used. | |
polaris.storage.aws.secret-key | string | The AWS secret key to use for authentication. If not present, the default credentials provider chain will be used. | |
polaris.storage.aws.<storage>.access-key | string | The AWS access key to use for authentication when using named storages. | |
polaris.storage.aws.<storage>.secret-key | string | The AWS secret key to use for authentication when using named storages. | |
polaris.storage.gcp.token | string | The GCP access token to use for authentication. If not present, the default credentials provider chain will be used. | |
polaris.storage.gcp.lifespan | duration | The lifespan of the GCP access token. If not present, the default token lifespan (null) will be used. | |
polaris.storage.clients-cache-max-size | int | Maximum number of entries to keep in the STS clients cache. | |
polaris.storage.max-http-connections | int | Override the default maximum number of pooled connections. | |
polaris.storage.read-timeout | duration | Override the default connection read timeout. | |
polaris.storage.connect-timeout | duration | Override the default TCP connect timeout. | |
polaris.storage.connection-acquisition-timeout | duration | Override default connection acquisition timeout. This is the time a request will wait for a connection from the pool. | |
polaris.storage.connection-max-idle-time | duration | Override default max idle time of a pooled connection. | |
polaris.storage.connection-time-to-live | duration | Override default time-time of a pooled connection. | |
polaris.storage.expect-continue-enabled | boolean | Override default behavior whether to expect an HTTP/100-Continue. |
polaris.storage-credential-cacheπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.storage-credential-cache.max-entries | 10000 | long |
polaris.credential-managerπ
Quarkus configuration mapping for Polaris Credential Manager.
Defines which (PolarisCredentialManager) implementation should be used at runtime. This allows switching between different credential management strategies via configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.credential-manager.type | string | The type identifier of the PolarisCredentialManager implementation to use. This corresponds to the @Identifier annotation value on the implementation (e.g., “default”). |
polaris.secrets-managerπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.secrets-manager.type | string | The type of the UserSecretsManagerFactory to use. This is the (org.apache.polaris.core.secrets.UserSecretsManagerFactory) identifier. |
polaris.file-ioπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.file-io.type | string | The type of the catalog IO to use. Must be a registered (org.apache.polaris.service.catalog.io.FileIOFactory) identifier. |
Persistenceπ
polaris.persistenceπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.type | string | The type of the persistence to use. Must be a registered (org.apache.polaris.core.persistence.MetaStoreManagerFactory) identifier. | |
polaris.persistence.auto-bootstrap-types | list of string | ||
polaris.persistence.reference-previous-head-count | 20 | int | |
polaris.persistence.max-index-stripes | 20 | int | |
polaris.persistence.max-embedded-index-size | 32k | MemorySize | |
polaris.persistence.max-index-stripe-size | 128k | MemorySize | |
polaris.persistence.bucketized-bulk-fetch-size | 16 | int | The number of objects to fetch at once via (Persistence#bucketizedBulkFetches(Stream,<br> Class)). |
polaris.persistence.max-serialized-value-size | 350k | MemorySize | The maximum size of a serialized value in a persisted database row. |
polaris.persistence.cacheπ
Persistence cache configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.cache.enable | true | boolean | Optionally disable the cache, the default value is true, meaning that the cache is enabled by default. |
polaris.persistence.cache.reference-ttl | PT15M | duration | Duration to cache the state of references. |
polaris.persistence.cache.reference-negative-ttl | duration | Duration to cache whether a reference does not exist (negative caching). | |
polaris.persistence.cache.sizing.fraction-of-max-heap-size | double | Fraction of Javaβs max heap size to use for cache objects, set to 0 to disable. Must not be used with fixed cache sizing. If neither this value nor a fixed size is configured, a default of .4 (40%) is assumed, if enable-soft-references is enabled, else .6 (60%) is assumed. | |
polaris.persistence.cache.sizing.fraction-min-size | 64M | MemorySize | When using fractional cache sizing, this amount in MB is the minimum cache size. |
polaris.persistence.cache.sizing.fraction-adjustment | 256M | MemorySize | When using fractional cache sizing, this amount in MB of the heap will always be “kept free” when calculating the cache size. |
polaris.persistence.cache.sizing.fixed-size | MemorySize | Capacity of the persistence cache in MiB. | |
polaris.persistence.cache.sizing.cache-capacity-overshoot | 0.1 | double | Admitted cache-capacity-overshoot fraction, defaults to 0.1 (10 %).New elements are admitted to be added to the cache, if the cache’s size is less than cache-capacity * (1 + cache-capacity-overshoot .Cache eviction happens asynchronously. Situations when eviction cannot keep up with the amount of data added could lead to out-of-memory situations. The value, if present, must be greater than 0. |
polaris.persistence.distributed-cache-invalidationsπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.distributed-cache-invalidations.service-names | list of string | Host names or IP addresses or kubernetes headless-service name of all Polaris server instances accessing the same repository. This value is automatically configured via the Polaris Helm chart, additional configuration is not required. If you have your own Helm chart or custom deployment, make sure to configure the IPs of all Polaris instances here. Names that start with an equal sign are not resolved but used “as is”. | |
polaris.persistence.distributed-cache-invalidations.valid-tokens | list of string | List of cache-invalidation tokens to authenticate incoming cache-invalidation messages. The first token is used in outgoing cache-invalidation messages. | |
polaris.persistence.distributed-cache-invalidations.uri | /polaris-management/cache-coherency | string | URI of the cache-invalidation endpoint, only available on the Quarkus management port, defaults to 9000. |
polaris.persistence.distributed-cache-invalidations.service-name-lookup-interval | PT10S | duration | Interval of service-name lookups to resolve the service names (#cacheInvalidationServiceNames()) into IP addresses. |
polaris.persistence.distributed-cache-invalidations.batch-size | 20 | int | Maximum number of cache-invalidation messages to send in a single request to peer nodes. |
polaris.persistence.distributed-cache-invalidations.request-timeout | duration | Request timeout for sent cache-invalidation messages. Timeouts trigger a warning or error message. | |
polaris.persistence.distributed-cache-invalidations.dns.query-timeout | PT5S | duration | Timeout for DNS queries to resolve peer nodes. |
polaris.persistence.nosqlπ
Polaris persistence backend configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.nosql.backend | string | Name of the persistence backend to use. |
polaris.persistence.nosql.maintenanceπ
Maintenance service configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.nosql.maintenance.expected-reference-count | 100 | long | Provides the expected number of references in all realms to retain, defaults to 100, must be at least 100. This value is used as the default if no information of a previous maintenance run is present, it is also the minimum number of expected references. |
polaris.persistence.nosql.maintenance.expected-obj-count | 100000 | long | Provides the expected number of objects in all realms to retain, defaults to 100000, must be at least 100000. This value is used as the default if no information of a previous maintenance run is present, it is also the minimum number of expected objects. |
polaris.persistence.nosql.maintenance.count-from-last-run-multiplier | 1.1 | double | Maintenance service sizes the bloom-filters used to hold the identified references and objects according to the expression lastRun.numberOfIdentified * countFromLastRunMultiplier. The default is to add 10% to the number of identified items. |
polaris.persistence.nosql.maintenance.filter-initialized-fpp | 1.0E-5 | double | False-positive-probability (FPP) used to initialize the bloom-filters for identified references and objects. |
polaris.persistence.nosql.maintenance.max-acceptable-filter-fpp | 5.0E-5 | double | Expected maximum false-positive-probability (FPP) used to check the bloom-filters for identified references and objects. If the FPP of a bloom filter exceeds this value, no individual references or objects will be purged. |
polaris.persistence.nosql.maintenance.retained-runs | 50 | int | Number of retained maintenance run objects (MaintenanceRunInformation), must be at least 2. |
polaris.persistence.nosql.maintenance.created-at-grace-time | PT3H | duration | Objects and references that have been created after a maintenance run has started are never purged. This option defines an additional grace time to when the maintenance run has started. This value is a safety net for two reasons: * Respect the wall-clock drift between Polaris nodes. * Respect the order of writes in Polaris persistence. Objects are written before those become reachable via a commit. Commits may take a little time (milliseconds, up to a few seconds, depending on the system load) to complete. Therefore, implementations enforce a minimum of 5 minutes. |
polaris.persistence.nosql.maintenance.object-scan-rate-limit-per-second | int | Optionally limit the number of objects scanned per second. Default is to not throttle object scanning. | |
polaris.persistence.nosql.maintenance.reference-scan-rate-limit-per-second | int | Optionally limit the number of references scanned per second. Default is to not throttle reference scanning. | |
polaris.persistence.nosql.maintenance.delete-batch-size | 10 | int | Size of the delete-batches when purging objects. |
polaris.persistence.nosql.maintenance.catalogπ
No SQL persistence implementation of Polaris stores a history of changes per kind of object (principals, principal roles, grants, immediate tasks, catalog roles and catalog state).
The rules are defined using a CEL script . The default rules for all kinds of objects are to retain the history for 3 days, for the catalog state for 30 days.
The scripts have access to the following declared values:
ref(string) name of the referencecommits(64-bit int) number of the currently processed commit, starting at1ageDays(64-bit int) age of currently processed commit in daysageHours(64-bit int) age of currently processed commit in hoursageMinutes(64-bit int) age of currently processed commit in minutes
Scripts must return a boolean yielding whether the commit shall be retained. Note that maintenance-service implementations can keep the first not-to-be-retained commit.
Example scripts
ageDays < 30 || commits <= 10retains the reference history with at least 10 commits and commits that are younger than 30 daystrueretains the whole reference historyfalseretains the most recent commit
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.nosql.maintenance.catalog.principals-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.principal-roles-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.grants-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.immediate-tasks-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.catalogs-history-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.catalog-roles-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.catalog-policies-retain | false | string | |
polaris.persistence.nosql.maintenance.catalog.catalog-state-retain | false | string |
polaris.persistence.nosql.mongodbπ
Polaris persistence, MongoDB backend specific configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.nosql.mongodb.connection-string | string | ||
polaris.persistence.nosql.mongodb.database-name | string | ||
polaris.persistence.nosql.mongodb.allow-prefix-deletion | boolean | Optionally enable realm-deletion using a prefix-delete. Prefix-deletion is disabled by default. |
polaris.persistence.relational.jdbcπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.persistence.relational.jdbc.max-retries | int | ||
polaris.persistence.relational.jdbc.max-duration-in-ms | long | ||
polaris.persistence.relational.jdbc.initial-delay-in-ms | long |
Eventsπ
polaris.event-listenerπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.event-listener.type | string | The type of the event listener to use. Must be a registered (PolarisEventListener) identifier. |
polaris.event-listener.persistence-in-memory-bufferπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.event-listener.persistence-in-memory-buffer.buffer-time | 5000ms | duration | |
polaris.event-listener.persistence-in-memory-buffer.max-buffer-size | 5 | int |
polaris.event-listener.aws-cloudwatchπ
Configuration interface for AWS CloudWatch event listener integration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.event-listener.aws-cloudwatch.log-group | polaris-cloudwatch-default-group | string | Returns the AWS CloudWatch log group name for event logging. The log group is a collection of log streams that share the same retention, monitoring, and access control settings. If not specified, defaults to “polaris-cloudwatch-default-group”. Configuration property: polaris.event-listener.aws-cloudwatch.log-group |
polaris.event-listener.aws-cloudwatch.log-stream | polaris-cloudwatch-default-stream | string | Returns the AWS CloudWatch log stream name for event logging. A log stream is a sequence of log events that share the same source. Each log stream belongs to one log group. If not specified, defaults to “polaris-cloudwatch-default-stream”. Configuration property: polaris.event-listener.aws-cloudwatch.log-stream |
polaris.event-listener.aws-cloudwatch.region | us-east-1 | string | Returns the AWS region where CloudWatch logs should be sent. This specifies the AWS region for the CloudWatch service endpoint. The region must be a valid AWS region identifier. If not specified, defaults to “us-east-1”. Configuration property: polaris.event-listener.aws-cloudwatch.region |
polaris.event-listener.aws-cloudwatch.synchronous-mode | false | boolean | Returns the synchronous mode setting for CloudWatch logging. When set to “true”, log events are sent to CloudWatch synchronously, which may impact application performance but ensures immediate delivery. When set to “false” (default), log events are sent asynchronously for better performance. Configuration property: polaris.event-listener.aws-cloudwatch.synchronous-mode |
Operationalπ
polaris.tasksπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.tasks.max-concurrent-tasks | -1 | int | |
polaris.tasks.max-queued-tasks | -1 | int |
polaris.asyncπ
Advanced configuration options to tune async activities.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.async.thread-keep-alive | PT1S | duration | Duration to keep idle threads alive. |
polaris.async.max-threads | int | Maximum number of threads available for asynchronous execution. Default is 256. |
polaris.rate-limiter.filterπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.rate-limiter.filter.type | string | The type of the rate limiter. Must be a registered (org.apache.polaris.service.ratelimiter.RateLimiter) identifier. |
polaris.rate-limiter.token-bucketπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.rate-limiter.token-bucket.requests-per-second | long | Number of allowed requests per second per realm. The value must be greater than zero. | |
polaris.rate-limiter.token-bucket.window | duration | This setting is no longer used and will be removed in a future release. Deprecated | |
polaris.rate-limiter.token-bucket.type | string | The type of the token bucket factory. Must be a registered (org.apache.polaris.service.ratelimiter.TokenBucketFactory) identifier. |
polaris.metricsπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.metrics.tags.<name> | string | Additional tags to include in the metrics. | |
polaris.metrics.realm-id-tag.enable-in-api-metrics | false | boolean | Whether to include the Realm ID tag in the API request metrics. Beware that if the cardinality of this tag is too high, it can cause performance issues or even crash the server. |
polaris.metrics.realm-id-tag.enable-in-http-metrics | false | boolean | Whether to include the Realm ID tag in the HTTP server request metrics. Beware that if the cardinality of this tag is too high, it can cause performance issues or even crash the server. |
polaris.metrics.realm-id-tag.http-metrics-max-cardinality | 100 | int | The maximum number of Realm ID tag values allowed for the HTTP server request metrics. This is used to prevent the number of tags from growing indefinitely and causing performance issues or crashing the server. If the number of tags exceeds this value, a warning will be logged and no more HTTP server request metrics will be recorded. |
polaris.metrics.user-principal-tag.enable-in-api-metrics | false | boolean | Whether to include the User Principal tag in the API request metrics. Beware that if the cardinality of this tag is too high, it can cause performance issues or even crash the server. |
polaris.iceberg-metrics.reportingπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.iceberg-metrics.reporting.type | default | string |
polaris.logπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.log.request-id-header-name | string | The name of the header that contains the request ID. | |
polaris.log.mdc.<name> | string | Additional MDC values to include in the log context. |
polaris.readinessπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.readiness.ignore-severe-issues | false | boolean | Setting this to true means that Polaris will start up even if severe security risks have been detected, accepting the risk of denial-of-service, data-loss, corruption and other risks. |
polaris.nodeπ
Node management configuration.
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.node.lease-duration | PT1H | duration | Duration of a node-lease. |
polaris.node.renewal-period | PT15M | duration | Time window before the end of a node lease when the lease will be renewed. |
polaris.node.num-nodes | 1024 | int | Maximum number of concurrently active Polaris nodes. Do not change this value or the ID generator spec, it is a rather internal property. See ID generator spec below. |
polaris.node.id-generator-spec.type | snowflake | string | |
polaris.node.id-generator-spec.params.<name> | string |
Otherπ
polaris.realm-contextπ
| Property | Default Value | Type | Description |
|---|---|---|---|
polaris.realm-context.realms | list of string | The set of realms that are supported by the realm context resolver. The first realm is considered the default realm. | |
polaris.realm-context.header-name | string | The header name that contains the realm identifier. | |
polaris.realm-context.require-header | boolean | Whether to require the realm header to be present in the request. If this is true and the realm header is not present, the request will be rejected. If this is false and the realm header is not present, the default realm will be used. Note: this is actually only enforced in production setups. | |
polaris.realm-context.type | string | The type of the realm context resolver. Must be a registered (org.apache.polaris.service.context.RealmContextResolver) identifier. |