Skip to content

docs: note UNLOAD credentials still required when OIDC is used for ex…#10868

Merged
bsod90 merged 1 commit into
masterfrom
mintlify/9aaa1e6e
May 12, 2026
Merged

docs: note UNLOAD credentials still required when OIDC is used for ex…#10868
bsod90 merged 1 commit into
masterfrom
mintlify/9aaa1e6e

Conversation

@bsod90
Copy link
Copy Markdown
Member

@bsod90 bsod90 commented May 12, 2026

…port bucket

Check List

  • Tests have been run in packages where changes have been made if available
  • Linter has been run for changed code
  • Tests for the changes have been added if not covered yet
  • Docs have been added / updated if required

@bsod90 bsod90 requested a review from keydunov as a code owner May 12, 2026 20:06
@claude
Copy link
Copy Markdown
Contributor

claude Bot commented May 12, 2026
edited
Loading

Claude finished @bsod90's task in 1m 22s —— View job

  • Gather context and read changed files
  • Review changes across all 4 files
  • Post review feedback

Review Summary

This is a well-written documentation PR that adds an important clarification: when using OIDC for export bucket authentication, OIDC only covers Cube's read (download) side — the data warehouse still needs its own credentials to perform the UNLOAD/write. This is exactly the kind of gotcha that saves users significant debugging time, and the <Warning> block is the right way to surface it.

Findings

All environment variable names verifiedCUBEJS_DB_EXPORT_BUCKET_AWS_KEY, CUBEJS_DB_EXPORT_BUCKET_AWS_SECRET, CUBEJS_DB_EXPORT_BUCKET_AZURE_KEY, and CUBEJS_DB_EXPORT_GCS_CREDENTIALS all exist in the codebase (packages/cubejs-backend-shared/src/env.ts) and are referenced consistently in the existing docs.

Minor inconsistency (nit): The AWS warning says "separate credentials for the `UNLOAD`" (with UNLOAD in backticks/code format), while the Azure and GCP warnings say "separate credentials for the unload" (lowercase, no backticks). The AWS version is clearer since UNLOAD is a SQL command — consider matching the style across all three files.

aws.mdx:317-318:

credentials for the `UNLOAD`** so the warehouse can write to S3

vs azure.mdx:239-240 and gcp.mdx:269-270:

credentials for the unload** so the warehouse can write to ...

Fix this →

Minor wording nit in index.mdx: The phrase "configured on the client side" (line 28) could be ambiguous — "client side" typically means the browser/frontend in web contexts. Consider "configured separately" or "configured via environment variables" since the surrounding text already says "see the per-cloud guides for details."

Overall: Looks good to merge. The content is accurate, the placement is correct (right after the export bucket setup steps in each guide), and the cloud-specific details (credential types, env var names) are properly tailored per provider. The addition to index.mdx gives a useful heads-up before users dive into the per-cloud guides.

@bsod90 bsod90 merged commit 32f2a14 into master May 12, 2026
11 checks passed
@bsod90 bsod90 deleted the mintlify/9aaa1e6e branch May 12, 2026 20:06
@mintlify
Copy link
Copy Markdown
Contributor

mintlify Bot commented May 12, 2026
edited
Loading

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
cubed3 🔴 Failed May 12, 2026, 8:11 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keydunov keydunov Awaiting requested review from keydunov keydunov is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bsod90