S3 secret with `credential_chain` provider cannot be configured in 1.4.0

[arouel]

The call CREATE OR REPLACE SECRET (TYPE s3, PROVIDER credential_chain) worked in 1.3.x but now fails in version 1.4.0.

DuckDB v1.4.0 (Andium) b8a06e4a22
D CREATE OR REPLACE SECRET (TYPE s3, PROVIDER credential_chain);
Invalid Input Error:
Failed to create secret using the following:
Credential Chain: 'config'

It seems that v1.4.0 checks the prerequisites in an environment compared to v1.3.x which didn't perform those checks. This is problematic when provisioning DuckDB with S3 secrets which may not necessarily work in all environments.

[benfleis]

Hi @arouel, I am looking into this issue, and intend to have a solution in for v1.4.1. I'll let you know if there's a nightly-build available for testing.

[benfleis]

Promised update - I am working on the immediate fix, and a couple follow up improvements, will notify here when the immediate fixes land for testing, I expect today or Monday.

[benfleis]

Hi @arouel, it took longer than hoped but just landed -- if you'd like to test ASAP, you can build from the v1.4-andium branch, and add the following to your CREATE SECRET lines: VALIDATION 'none', a la:

CREATE SECRET s (
    TYPE aws,
    PROVIDER credential_chain,
    VALIDATION 'none',
    ...
);

The code just landed, and I'll update the corresponding documentation shortly. This will all be in the upcoming v1.4.1 release.

If you do any testing, please let us know here!

[richjam]

Hi @benfleis - just wondering if any update on the planned 1.4.1 release? I see from the release calendar (https://duckdb.org/release_calendar.html) it's scheduled for today - is that still the plan?

Thanks!

[benfleis]

@richjam WIP :) -- https://github.com/duckdb/duckdb/releases/tag/v1.4.1