Production checklist¶
Memcove is a generic, self-hostable service — install it with the Helm chart or your own manifests, and bring your own object store, Trino, catalog, registry DB, and (for the proxy model) identity proxy. This checklist is the hardening you must apply before exposing it beyond a trusted network.
Do not expose Memcove without authentication + network isolation
In the default header configuration Memcove trusts the tenant header, so anything that can reach the port can read any tenant's data. Either enable native OAuth or front it with an authenticating proxy — and in both cases restrict the network. The items below are not optional for an internet- or org-reachable deployment.
Identity & trust boundary¶
Pick one authentication model and harden it:
Native OAuth (clients connect directly):
- [ ] Enable the resource server (
MEMCOVE_OAUTH_ENABLED=true) with your IdP's issuer, audience, and required scopes; setMEMCOVE_PUBLIC_URLto the public HTTPS URL. See Native OAuth. - [ ] Map identities to tenants explicitly with
MEMCOVE_TENANT_MAP(fail-closed) rather than defaulting the tenant to a rawsubclaim.
Proxy / trusted header (auth terminated at the edge):
- [ ] Front Memcove with an authenticating proxy. It authenticates the caller and sets the tenant/identity header. Memcove trusts that header.
- [ ] Strip inbound tenant headers at the proxy and overwrite from the verified
identity, so a caller can't spoof
x-memcove-tenant. - [ ] Use the fail-closed provisioning map (
MEMCOVE_TENANT_SUBJECT_HEADER+MEMCOVE_TENANT_MAP) rather than passing a raw OIDCsubthrough. See Authentication & tenancy.
Both models:
- [ ] Network-isolate the service so only your proxy (header mode) or your ingress (OAuth mode) can reach the MCP port (8090) and the Flight port (8815). See Kubernetes.
Engine access control¶
- [ ] Enable Trino impersonation (
MEMCOVE_TRINO_IMPERSONATION=true) and configure a grant backend (file rules / Ranger / OPA / Iceberg REST authz) so Trino re-checks access per tenant beneath the guard. - [ ] Restrict Trino so only Memcove can reach it (otherwise impersonation is sidesteppable).
- [ ] TLS-front Trino and set
MEMCOVE_TRINO_HTTP_SCHEME=https. - [ ] Consider
MEMCOVE_TRINO_SESSION_PROPERTIESresource caps (e.g.query_max_run_time) to bound runaway queries.
Data-plane secrets¶
- [ ] Set
MEMCOVE_FLIGHT_TICKET_SECRETto a strong random value (the default is insecure; the Flight server warns if unchanged). - [ ] Use real S3 credentials / IAM, not the MinIO dev defaults, and least-privilege bucket policies for the warehouse / staging / artifacts buckets.
- [ ] Secure the Postgres DSN (
MEMCOVE_PG_DSN) and pull it from a secret manager.
Ingest & buckets¶
- [ ] Set
MEMCOVE_ALLOWED_S3_INGEST_PREFIXESif you want to allow agents3_parquetingest (empty = disabled). Scope prefixes tightly. - [ ] Review the guardrail caps (
MEMCOVE_PREVIEW_ROW_CAP,MEMCOVE_EXPORT_ROW_CAP,MEMCOVE_INLINE_BYTES_CAP,MEMCOVE_PRESIGN_TTL_SECONDS) for your workload.
Observability¶
- [ ] Route the
memcove.auditlogger (structured JSON, one line per accepted read/derive/export) to your audit sink.
Secrets (S3 keys, registry DSN, ticket secret) should come from your secret manager, not
committed config — the Helm chart takes them via secrets.existingSecret. Every
non-secret knob maps to a MEMCOVE_* env var (see the
settings reference).