Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-4499

Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS

    • Needed
    • Done
    • CSFLE AWS on-demand credentials
    • 5
    • 3
    • 3
    • 100
    • Hide

      Engineer(s): Jeff

      Summary: Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials. In addition, it supports obtaining credentials from an application-provided callback (see JAVA-4295).

      With CSFLE, in contrast, AWS credentials must be provided explicitly via the kmsProviders property of AutoEncryptionSettings or ClientEncryptionSettings.

      This epic will add equivalent support in CSFLE as is already provided for MONGODB-AWS.

      2022-03-22: Maintaining target end date of 2022-04-01

      • Support application callback to obtain credentials in code review. This is the last piece of work needed to wrap this up
      • Goldman has agreed to test a pre-release

      2022-03-08: Updated target end date to 2022-04-01

      • libmongocrypt wrapper support in code review
      • Refactoring of MONGDB-AWS code is complete

      2022-02-22: Setting initial target end date to 2022-03-25

      • Jeff started on the refactoring work which is independent of the mongocrypt work late last week and that's currently in review
      • The remaining tickets are blocked on MONGOCRYPT-382 which is currently in review
      • Jeff is OOO this week

      Show
      Engineer(s): Jeff Summary: Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials . In addition, it supports obtaining credentials from an application-provided callback (see JAVA-4295 ). With CSFLE, in contrast, AWS credentials must be provided explicitly via the kmsProviders property of AutoEncryptionSettings or ClientEncryptionSettings. This epic will add equivalent support in CSFLE as is already provided for MONGODB-AWS. 2022-03-22: Maintaining target end date of 2022-04-01 Support application callback to obtain credentials in code review. This is the last piece of work needed to wrap this up Goldman has agreed to test a pre-release 2022-03-08: Updated target end date to 2022-04-01 libmongocrypt wrapper support in code review Refactoring of MONGDB-AWS code is complete 2022-02-22: Setting initial target end date to 2022-03-25 Jeff started on the refactoring work which is independent of the mongocrypt work late last week and that's currently in review The remaining tickets are blocked on MONGOCRYPT-382 which is currently in review Jeff is OOO this week

      Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials. In addition, it supports obtaining credentials from an application-provided callback (see JAVA-4295).

      With CSFLE, in contrast, AWS credentials must be provided explicitly via the kmsProviders property of AutoEncryptionSettings or ClientEncryptionSettings.

      This epic will add equivalent support in CSFLE as is already provided for MONGODB-AWS.

            Assignee:
            Unassigned Unassigned
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:
              6 weeks, 2 days