Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2781

Add option to configure DEK cache lifetime

XMLWordPrintableJSON

    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-5644 Fixed 1.30.0
      CXX-3080 Backlog
      CSHARP-5205 Backlog
      GODRIVER-3289 Investigating
      JAVA-5547 Backlog
      NODE-6294 Backlog
      MOTOR-1348 Duplicate
      PYTHON-4580 Ready for Work
      PHPLIB-1496 Backlog
      RUBY-3524 Backlog
      RUST-2006 In Code Review
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } #scriptField td.willNotDo { background-color: #FF0000; /* Red color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-5644 Fixed 1.30.0 CXX-3080 Backlog CSHARP-5205 Backlog GODRIVER-3289 Investigating JAVA-5547 Backlog NODE-6294 Backlog MOTOR-1348 Duplicate PYTHON-4580 Ready for Work PHPLIB-1496 Backlog RUBY-3524 Backlog RUST-2006 In Code Review

      Summary

      Add option to configure DEK cache lifetime.

      Motivation

      At present, libmongocrypt caches the decrypted DEK for a fixed lifetime of 1 minute. There is a report of observed errors decrypting DEKs with KMS on heavy load. This may be due to the high rate of KMS requests. Adding an option to increase the lifetime may help these use cases reduce the rate of KMS requests.

      Who is the affected end user?

      Users of In-Use Encryption (CSFLE and/or QE) with heavy workloads requiring many KMS requests.

      How does this affect the end user?

      May result in more KMS requests than desired on heavy load. There is a report of observed errors decrypting DEKs with KMS on heavy load.

      How likely is it that this problem or use case will occur?

      Likely. There is a report of observed errors decrypting DEKs with KMS on heavy load. The high rate of KMS requests is the presumed cause.

      JAVA-5297 notes errors observed for Azure KMS requests that may benefit from a configurable DEK cache timeout.

      If the problem does occur, what are the consequences and how severe are they?

      Application errors.

      Is this issue urgent?

      Not sure.

      Is this ticket required by a downstream team?

      No?

      Is this ticket only for tests?

      No.

      Acceptance Criteria

      Update libmongocrypt to enable configuring the DEK cache lifetime.
      Add API to drivers to enable configuring the DEK cache lifetime.

            Assignee:
            adrian.dole@mongodb.com Adrian Dole
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Kevin Albertson Kevin Albertson
            Esha Bhargava Esha Bhargava
            Esha Bhargava Esha Bhargava
            Votes:
            10 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated: