Because our work with Flink is still in the POC stage, we currently don't have any infrastructure to support the different stages of development. In lieu of a staging environment we've been manually building the jar files and deploy Flink jobs on Yarn, which works fine for most of our development needs so far, but falls short when the job needs to authenticate to a separate service (i.e. Cassandra). I'm hesitant to have credentials laying around in a stat box so that Flink can pick it up, but there might not be any better alternatives right now.
Ideally we'd at least have some sort of deployment pipeline that can inject any necessary secrets so we don't have to personally deal with them. And ideally we'd have a staging environment so that the jobs aren't hitting production databases.
Semi-related: T311070 about Flink app config for Yarn