Document additional credential providers for JDBC connectors

Author: Jan Waś

docs/src/main/sphinx/connector/clickhouse.rst

@@ -78,6 +78,8 @@ property:
 For more information on TLS configuration options, see the `Clickhouse JDBC
 driver documentation <https://clickhouse.com/docs/en/interfaces/jdbc/>`_
 
+.. include:: jdbc-authentication.fragment
+
 Multiple ClickHouse servers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/src/main/sphinx/connector/druid.rst

@@ -46,6 +46,8 @@ secured by basic authentication by updating the URL and adding credentials:
 Now you can access your Druid database in Trino with the ``druiddb`` catalog
 name from the properties file.
 
+.. include:: jdbc-authentication.fragment
+
 .. include:: jdbc-common-configurations.fragment
 
 .. |default_domain_compaction_threshold| replace:: ``32``

docs/src/main/sphinx/connector/jdbc-authentication.fragment

@@ -0,0 +1,53 @@
+Data source authentication
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The connector can provide credentials for the data source connection
+in multiple ways:
+
+* inline, in the connector configuration file
+* in a separate properties file
+* in a key store file
+* as extra credentials set when connecting to Trino
+
+You can use :doc:`secrets </security/secrets>` to avoid storing sensitive
+values in the catalog properties files.
+
+The following table describes configuration properties
+for connection credentials:
+
+.. list-table::
+  :widths: 40, 60
+  :header-rows: 1
+
+  * - Property name
+    - Description
+  * - ``credential-provider.type``
+    - Type of the credential provider. Must be one of ``INLINE``, ``FILE``, or
+      ``KEYSTORE``; defaults to ``INLINE``.
+  * - ``connection-user``
+    - Connection user name.
+  * - ``connection-password``
+    - Connection password.
+  * - ``user-credential-name``
+    - Name of the extra credentials property, whose value to use as the user
+      name. See ``extraCredentials`` in :ref:`jdbc-parameter-reference`.
+  * - ``password-credential-name``
+    - Name of the extra credentials property, whose value to use as the
+      password.
+  * - ``connection-credential-file``
+    - Location of the properties file where credentials are present. It must
+      contain the ``connection-user`` and ``connection-password`` properties.
+  * - ``keystore-file-path``
+    - The location of the Java Keystore file, from which to read credentials.
+  * - ``keystore-type``
+    - File format of the keystore file, for example ``JKS`` or ``PEM``.
+  * - ``keystore-password``
+    - Password for the key store.
+  * - ``keystore-user-credential-name``
+    - Name of the key store entity to use as the user name.
+  * - ``keystore-user-credential-password``
+    - Password for the user name key store entity.
+  * - ``keystore-password-credential-name``
+    - Name of the key store entity to use as the password.
+  * - ``keystore-password-credential-password``
+    - Password for the password key store entity.

docs/src/main/sphinx/connector/mariadb.rst

@@ -34,6 +34,8 @@ connection properties as appropriate for your setup:
     connection-user=root
     connection-password=secret
 
+.. include:: jdbc-authentication.fragment
+
 .. include:: jdbc-common-configurations.fragment
 
 .. |default_domain_compaction_threshold| replace:: ``32``

docs/src/main/sphinx/connector/mysql.rst

@@ -80,6 +80,8 @@ appending it to the ``connection-url`` configuration property:
 For more information on TLS configuration options, see the `MySQL JDBC security
 documentation <https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html#cj-conn-prop_sslMode>`_.
 
+.. include:: jdbc-authentication.fragment
+
 Multiple MySQL servers
 ^^^^^^^^^^^^^^^^^^^^^^
 

docs/src/main/sphinx/connector/oracle.rst

@@ -73,6 +73,8 @@ To disable connection pooling, update properties to include the following:
 
     oracle.connection-pool.enabled=false
 
+.. include:: jdbc-authentication.fragment
+
 Multiple Oracle servers
 ^^^^^^^^^^^^^^^^^^^^^^^
 

docs/src/main/sphinx/connector/postgresql.rst

@@ -71,6 +71,8 @@ property:
 For more information on TLS configuration options, see the `PostgreSQL JDBC
 driver documentation <https://jdbc.postgresql.org/documentation/use/#connecting-to-the-database>`__.
 
+.. include:: jdbc-authentication.fragment
+
 Multiple PostgreSQL databases or servers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/src/main/sphinx/connector/redshift.rst

@@ -57,6 +57,8 @@ For more information on TLS configuration options, see the `Redshift JDBC driver
 documentation
 <https://docs.aws.amazon.com/redshift/latest/mgmt/jdbc20-configuration-options.html#jdbc20-ssl-option>`_.
 
+.. include:: jdbc-authentication.fragment
+
 Multiple Redshift databases or clusters
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/src/main/sphinx/connector/sqlserver.rst

@@ -69,6 +69,8 @@ Further parameters like ``trustServerCertificate``, ``hostNameInCertificate``,
 SQL Server JDBC driver documentation
 <https://docs.microsoft.com/en-us/sql/connect/jdbc/using-ssl-encryption>`_.
 
+.. include:: jdbc-authentication.fragment
+
 Multiple SQL Server databases or servers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^