Allow keyAltName in encryptedFieldsMap

XMLWordPrintableJSON

    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed
    • Hide

      Summary of necessary driver changes

      •  

      Commits for syncing spec/prose tests
      (and/or refer to an existing language POC if needed)

      •  

      Context for other referenced/linked tickets

      •  
      Show
      Summary of necessary driver changes   Commits for syncing spec/prose tests (and/or refer to an existing language POC if needed)   Context for other referenced/linked tickets  
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-6238 Blocked
      CXX-3417 Blocked
      CSHARP-5874 Blocked
      GODRIVER-3813 Blocked
      JAVA-6096 Blocked
      NODE-7433 Blocked
      PYTHON-5720 Blocked
      PHPLIB-1786 Blocked
      RUBY-3773 Blocked
      RUST-2360 Blocked
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } #scriptField td.willNotDo { background-color: #FF0000; /* Red color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-6238 Blocked CXX-3417 Blocked CSHARP-5874 Blocked GODRIVER-3813 Blocked JAVA-6096 Blocked NODE-7433 Blocked PYTHON-5720 Blocked PHPLIB-1786 Blocked RUBY-3773 Blocked RUST-2360 Blocked

      Summary

      Support specifying keys by "keyAltName" for QE when using encryptedFieldsMap.

      Motivation

      Requested in MONGOCRYPT-432 and scoped in WRITING-33646. libmongocrypt translates the keyAltName to keyId to require no driver or server changes.

      Who is the affected end user?

      Users of QE.

      How does this affect the end user?

      Quoting MONGOCRYPT-342:

      it avoids the chicken-and-egg problem where users first need to create the keys using a half-autoencryption-configured MongoClient before being able to create the main MongoClient instance.

      How likely is it that this problem or use case will occur?

      Certain?

      If the problem does occur, what are the consequences and how severe are they?

      Confusion.

      Is this issue urgent?

      No.

      Is this ticket required by a downstream team?

      No?

      Is this ticket only for tests?

      No? It only requires a libmongocrypt upgrade and test sync.

      Acceptance Criteria

      • Add spec test to verify keyAltName can be specified in encryptedFieldsMap
      • Upgrade libmongocrypt to 1.18.0

            Assignee:
            Adrian Dole
            Reporter:
            Adrian Dole
            Kevin Albertson Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: