Credential vending overview

Credential vending is a storage access delegation mechanism that lets you control permissions directly on BigLake metastore resources. This eliminates the need for catalog users to have direct access to the underlying Cloud Storage buckets where your Apache Iceberg table data is stored.

Using credential vending, you can give users fine-grained permissions on specific data files, rather than granting broad bucket-level access. This improves security and aligns with the principle of least privilege.

How credential vending works

When you use credential vending, the query processing sequence changes slightly to enforce policies before data is read:

  1. Request: A user submits a SQL query to a supported engine (for example, Apache Spark).
  2. Metadata lookup: The engine sends a request to the BigLake metastore to resolve the table.
  3. Authentication and policy: The metastore authenticates the user and checks their IAM permissions on the BigLake resources.
  4. Response: Because credential vending is enabled, the metastore returns the metadata and a short-lived storage token (downscoped storage credentials) to the engine.
  5. Read: The engine uses this token to read the specific authorized files directly from Cloud Storage.
  6. Compute: The engine processes the data and returns the results.

Supported catalogs

Credential vending is supported when you use the Iceberg REST catalog in BigLake metastore. When you set up a catalog in credential vending mode, your client application must be configured to request the downscoped credentials by specifying access delegation in its catalog requests.

The custom Iceberg catalog for BigQuery does not support credential vending.
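The following is an added example that is not Google's or the Iceberg project's code. It simulates the six-step flow above and the client-side access delegation request from the "Supported catalogs" section in one self-contained script: a mock REST catalog authorizes the principal on the catalog resource, and only when the client sends the Iceberg REST `X-Iceberg-Access-Delegation: vended-credentials` header does it return a short-lived token downscoped to that table's storage prefix; a mock storage layer then enforces the prefix and expiry. The header name and value are the real Iceberg REST convention; the tables, principals, grants, bucket paths and the HMAC token scheme are constructed for illustration and stand in for IAM checks and Cloud Storage downscoped credentials.

```python
"""Simulated credential-vending flow for an Iceberg REST catalog.

Added example, not BigLake metastore code. Catalog state, principals,
grants, paths and the token format are constructed; only the
X-Iceberg-Access-Delegation header is a real Iceberg REST identifier.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

ACCESS_DELEGATION_HEADER = "X-Iceberg-Access-Delegation"  # real Iceberg REST header
VENDED = "vended-credentials"                              # real header value

# Constructed catalog state: table -> storage prefix and current metadata file.
TABLES = {
    "sales.orders": {
        "prefix": "gs://example-warehouse/sales/orders/",
        "metadata": "gs://example-warehouse/sales/orders/metadata/v3.metadata.json",
    },
    "hr.salaries": {
        "prefix": "gs://example-warehouse/hr/salaries/",
        "metadata": "gs://example-warehouse/hr/salaries/metadata/v1.metadata.json",
    },
}

# Constructed IAM-style grants on catalog resources: principal -> readable tables.
GRANTS = {
    "analyst@example.com": {"sales.orders"},
    "hr-admin@example.com": {"sales.orders", "hr.salaries"},
}

SIGNING_KEY = secrets.token_bytes(32)  # held by the token issuer only (constructed)
TOKEN_TTL_SECONDS = 3600               # short-lived by design


@dataclass(frozen=True)
class DownscopedToken:
    prefix: str      # the only object prefix this token may read
    expires_at: int  # unix seconds
    mac: str         # issuer signature over (prefix, expires_at)


def mint_downscoped_token(prefix: str, now: int) -> DownscopedToken:
    """Issue a token bound to one storage prefix (constructed HMAC scheme)."""
    expires_at = now + TOKEN_TTL_SECONDS
    msg = f"{prefix}|{expires_at}".encode()
    mac = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return DownscopedToken(prefix, expires_at, mac)


def load_table(principal: str, table: str, headers: dict, now: Optional[int] = None) -> dict:
    """Steps 2-4: resolve the table, authorize on the catalog resource, vend if asked."""
    now = int(time.time()) if now is None else now
    if table not in TABLES:
        raise LookupError(f"no such table: {table}")
    # Step 3: authorization happens on the catalog resource, not on the bucket.
    if table not in GRANTS.get(principal, set()):
        raise PermissionError(f"{principal} lacks read on {table}")
    response = {"metadata-location": TABLES[table]["metadata"], "config": {}}
    # Step 4: only a client that requested delegation receives a downscoped credential.
    if headers.get(ACCESS_DELEGATION_HEADER) == VENDED:
        response["config"]["token"] = mint_downscoped_token(TABLES[table]["prefix"], now)
    return response


def storage_read(token: DownscopedToken, path: str, now: Optional[int] = None) -> bytes:
    """Step 5: storage verifies the token and enforces its prefix scope and expiry."""
    now = int(time.time()) if now is None else now
    msg = f"{token.prefix}|{token.expires_at}".encode()
    expected = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.mac):
        raise PermissionError("token signature invalid")
    if now >= token.expires_at:
        raise PermissionError("token expired")
    if not path.startswith(token.prefix):
        raise PermissionError(f"token not scoped for {path}")
    return b"<parquet bytes>"  # constructed stand-in for the data file contents


def query(principal: str, table: str, data_file: str,
          delegation: bool = True, now: Optional[int] = None) -> bytes:
    """Steps 1-6 from the engine's point of view."""
    headers = {ACCESS_DELEGATION_HEADER: VENDED} if delegation else {}
    resp = load_table(principal, table, headers, now)          # steps 2-4
    token = resp["config"].get("token")
    if token is None:
        # Without delegation the engine would need its own bucket-level access.
        raise RuntimeError("catalog did not vend a credential; direct bucket access required")
    return storage_read(token, data_file, now)                 # steps 5-6


if __name__ == "__main__":
    print(query("analyst@example.com", "sales.orders",
                "gs://example-warehouse/sales/orders/data/part-0.parquet"))
```

In a real Spark client the same header is sent by setting the Iceberg REST catalog property `spark.sql.catalog.<name>.header.X-Iceberg-Access-Delegation=vended-credentials` (the `header.` prefix is the Iceberg REST client's convention for extra request headers); the catalog name and endpoint are whatever you configured for BigLake metastore. The point the simulation makes visible is that the token's usable scope is the table prefix, so a principal who is granted `sales.orders` can never turn that token into a read of `hr.salaries` data, even though both live in the same bucket.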

What's next