Go Driver / GODRIVER-3166

Creating and using a data encryption key in a transaction fails

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels: None

      Using libmongocrypt 1.9 and mongo go driver 1.12 

      Running the following code inside a transaction throws an error: 

       

      // Create a data encryption key with the alternate name "test_key".
      dataKeyOpts := options.DataKey().SetMasterKey(config).SetKeyAltNames([]string{"test_key"})
      dataEncryptionKeyID, _ := db.clientEncryption.CreateDataKey(ctx, kmsProvider, dataKeyOpts)

      // Wrap the plaintext "test" as a bson.RawValue for explicit encryption.
      secretRawValueType, secretRawValueData, _ := bson.MarshalValue("test")
      secretRawValue := bson.RawValue{Type: secretRawValueType, Value: secretRawValueData}
      secretEncryptionOpts := options.Encrypt().
          SetAlgorithm(encryptionAlgorithm).
          SetKeyID(dataEncryptionKeyID)

      // Explicitly encrypt with the new key ID, passing the session context.
      _, err = mongoClientEncryption.Encrypt(sessionContext, secretRawValue, secretEncryptionOpts)

      It will fail with the following error:

      mongocrypt error 1: not all keys requested were satisfied. Verify that key vault DB/collection name was correctly specified.' 

      I believe that the call to encrypt happens in a separate context from the session and therefore cannot find the newly created key. I tested this behavior for collections unrelated to CSFLE and it works as expected (i.e. can read the newly written value). I would expect the key vault collection to work the same way. Outside a transaction, the above code works as expected as well. 

       

            Assignee: Unassigned
            Reporter: Julia Ruddy (julia.ruddy@viam.com)
            Votes: 0
            Watchers: 3

              Created:
              Updated:
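
The visibility rule the reporter suspects, as a self-contained Go model added here (not code from the Go driver, libmongocrypt, or the reporter): a key staged inside an open transaction is found only by a lookup that carries that transaction. `Vault`, `Txn`, `NewVault`, `NewTxn` and `FindKey` are hypothetical names, and the model illustrates the hypothesis without confirming it as the cause of this issue.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrKeysNotSatisfied reuses the wording of the libmongocrypt error in the report.
var ErrKeysNotSatisfied = errors.New("not all keys requested were satisfied")

// Vault is a toy key vault (hypothetical): committed keys are visible to every reader.
type Vault struct{ committed map[string][]byte }

// Txn is a toy transaction holding key documents that are not yet committed.
type Txn struct{ pending map[string][]byte }

func NewVault() *Vault { return &Vault{committed: map[string][]byte{}} }
func NewTxn() *Txn { return &Txn{pending: map[string][]byte{}} }

// CreateDataKey stages a key document inside the transaction.
func (t *Txn) CreateDataKey(id string, material []byte) { t.pending[id] = material }

// Commit publishes the staged keys to all readers of the vault.
func (t *Txn) Commit(v *Vault) {
	for id, k := range t.pending {
		v.committed[id] = k
	}
	t.pending = map[string][]byte{}
}

// FindKey resolves a key ID; a nil txn models a lookup made outside the session.
func (v *Vault) FindKey(txn *Txn, id string) ([]byte, error) {
	if txn != nil {
		if k, ok := txn.pending[id]; ok {
			return k, nil
		}
	}
	if k, ok := v.committed[id]; ok {
		return k, nil
	}
	return nil, ErrKeysNotSatisfied
}

func main() {
	v, txn := NewVault(), NewTxn()
	txn.CreateDataKey("test_key", []byte("constructed key material"))
	_, outside := v.FindKey(nil, "test_key")
	_, inside := v.FindKey(txn, "test_key")
	txn.Commit(v)
	_, after := v.FindKey(nil, "test_key")
	fmt.Println("outside session:", outside, "| same session:", inside, "| after commit:", after)
}
```

In this model only the lookup made outside the session before commit returns the error; the same lookup succeeds once it carries the transaction or once the transaction has committed.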