Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-1960

Make read concern and write concern for key vault configurable

    XMLWordPrintableJSON

Details

    • Icon: Spec Change Spec Change
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • Client Side Encryption
    • None
    • Needed

    Description

      Summary

      Make read concern and write concern for key vault configurable.

      Motivation

      Client Side Encryption requires majority read and write concern for operations:

      For key management functions that require creating, updating, or deleting key documents in the key vault collection, the corresponding operations MUST be done with write concern majority.

      For encryption/decryption and key management functions that require reading key documents from the key vault collection, the corresponding operations MUST be done with read concern majority.

      This prohibits use of clusters where majority read concern has been disabled by adding an option to the encryption settings allowing the read concern to be specified.

      Who is the affected end user?

      Operations teams that have disabled majority read concern as per our documentation. 

      How does this affect the end user?

      End users may be blocked if dev ops are not willing or able to re-enable majority read concern.  But there is a workaround: enable majority read concern. 

      How likely is it that this problem or use case will occur?

      We've heard about this from 2 users since the release of field level encryption, so it does not seem particularly common.

      If the problem does occur, what are the consequences and how severe are they?

      Unable to use field level encryption

      Is this issue urgent?

      Unclear whether it's urgent for the user that reported it.

      Is this ticket required by a downstream team?

      No

      Is this ticket only for tests?

      No

      Attachments

        Activity

          People

            Unassigned Unassigned
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: