Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2372

Add createKey to ClientEncryption as an optional feature

    • Type: Icon: Spec Change Spec Change
    • Resolution: Won't Do
    • Priority: Icon: Unknown Unknown
    • None
    • Component/s: Client Side Encryption
    • Labels:
    • Not Needed


      The initial Key Management API spec in DRIVERS-1951 included a new createKey() function for parity with mongosh. This function was removed by DRIVERS-2370 for forward-compatibility reasons. However, the Node driver has already shipped the Key Management API and is already depended on by the latest release of mongosh.

      In order to minimize friction with the Node driver, it is proposed that createKey() be added back to the spec as an optional feature, with the suggestion that Drivers which have not yet implemented createKey() or released the Key Management API continue to make an effort to exclude createKey() for reasons stated in DRIVERS-2370.


      Who is the affected end user?

      Primarily the Node driver and its downstream users. Other drivers currently implementing the Key Management API are also involved.

      How does this affect the end user?

      Leaving createKey() removed from the spec would means Node is non-conforming.

      How likely is it that this problem or use case will occur?

      The issue primarily affects the Node driver and its downstream users.

      If the problem does occur, what are the consequences and how severe are they?

      Requiring Node to remove createKey() for spec conformance may have undesirable and far-reaching consequences for downstream users of both Node and mongosh.

      Is this issue urgent?

      Somewhat. No actual effort is required by this ticket w.r.t. DRIVERS-1951 and DRIVERS-2370, but clarity on requirements for the Key Management API by Drivers are important for teams currently implementing it.

      Is this ticket required by a downstream team?

      Needed by the Node Driver.

      Is this ticket only for tests?

      No. This impacts the permitted interface for ClientEncryption as part of the Key Management API.

            ezra.chung@mongodb.com Ezra Chung
            ezra.chung@mongodb.com Ezra Chung
            0 Vote for this issue
            3 Start watching this issue