Request Authentication

Configure authentication for Airport connections using bearer tokens and DuckDB secrets manager integration for secure Arrow Flight server access.

The Airport extension supports authenticated requests to Arrow Flight servers via authentication headers.

Currently, the primary authentication mechanism is a bearer token passed through the Authorization gRPC header. Additional mechanisms—including mutual TLS and OAuth2—may be added in future releases, pending support from Apache Arrow.

Airport integrates seamlessly with the DuckDB secrets manager using a dedicated airport secret type.

Example: Creating an Airport Secret

CREATE PERSISTENT SECRET airport_autogluon (
  type airport,
  auth_token 'example_token',
  scope 'grpc://localhost:50312/'
);

Properties:

• auth_token — The bearer token value used for authentication with the Arrow Flight server.
• scope — A URL prefix matched against the Arrow Flight server’s location to determine which secret applies. This allows a single secret to be used for an entire host or domain.