-
Type: Task
-
Resolution: Duplicate
-
Priority: Major - P3
-
Affects Version/s: None
Description
Description:
Included the encrypt() and decrypt() functions outlined in the shell scope
Engineering Ticket Description:
Including reading and writing encrypted payload format (see Bindata SubType 6 document)
This should be done by extending and deriving from DBClientBase a new class that implements encrypt, decrypt, and generateDataKey. The Mongo object in Javascript is just an adapter for DBClientBase so deriving a new class from it that maintains the KMS information would be the least intrusive.
API:
encrypt(algorithm: string, keyId: UUID, iv? : byte[]) : BinData {} decrypt(value: BinData) : BSON {}
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
- documents
-
SERVER-39896 Write shell JS API for explicitly encrypting and decrypting data
- Closed