Details
- New Feature
- Resolution: Fixed
- Minor - P4
Description
The new API is generic across KMS providers. Instead of a KMS-provider-specific API, the GCP and Azure KMS providers can both be set through:
    bool
    mongocrypt_setopt_kms_providers (mongocrypt_t *crypt, mongocrypt_binary_t *kms_providers);
kms_providers is a BSON document which accepts keys for "gcp" and "azure". It closely matches the spec, and means no additional API is necessary to support future fields or new KMS providers. Currently it only accepts "gcp" and "azure". It would simplify binding code to support "aws" and "local".
Similarly, the key encryption key (aka masterKey) for a create datakey operation can be set through:
    bool
    mongocrypt_ctx_setopt_key_encryption_key (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *bin);
bin includes the "provider" field. That also only supports "gcp" and "azure" currently.
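The two documents described above, built byte by byte, as an added example that is not part of the original ticket or of libmongocrypt. The helper and function names are hypothetical, the credential and key sub-field names are taken from the drivers' client-side encryption spec rather than from this page, and every value is a constructed placeholder.

```c
/* Added example: constructed placeholder values; sub-field names assumed from the spec. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static void le32(uint8_t *p, uint32_t v) { /* BSON int32 is little-endian */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* Element header: type byte, NUL-terminated key; returns where the value starts. */
static uint8_t *elem(uint8_t *p, uint8_t type, const char *key) {
    size_t n = strlen(key) + 1;
    *p = type;
    memcpy(p + 1, key, n);
    return p + 1 + n;
}
static uint8_t *put_str(uint8_t *p, const char *key, const char *val) { /* 0x02 = string */
    uint32_t n = (uint32_t)strlen(val) + 1; /* stored length counts the NUL */
    p = elem(p, 0x02, key);
    le32(p, n);
    memcpy(p + 4, val, n);
    return p + 4 + n;
}
static uint8_t *end_doc(uint8_t *start, uint8_t *p) { /* NUL, then back-patch length */
    *p++ = 0x00;
    le32(start, (uint32_t)(p - start));
    return p;
}
/* {"gcp": {...}, "azure": {...}} for mongocrypt_setopt_kms_providers; buf >= 256 bytes. */
size_t build_kms_providers(uint8_t *buf) {
    uint8_t *gcp = elem(buf + 4, 0x03, "gcp"); /* 0x03 = embedded document */
    uint8_t *p = put_str(gcp + 4, "email", "svc@example.invalid");
    p = end_doc(gcp, put_str(p, "privateKey", "PLACEHOLDER"));
    uint8_t *az = elem(p, 0x03, "azure");
    p = put_str(az + 4, "tenantId", "PLACEHOLDER");
    p = put_str(p, "clientId", "PLACEHOLDER");
    p = end_doc(az, put_str(p, "clientSecret", "PLACEHOLDER"));
    return (size_t)(end_doc(buf, p) - buf);
}
/* {"provider": "gcp", ...} for mongocrypt_ctx_setopt_key_encryption_key; buf >= 256 bytes. */
size_t build_gcp_master_key(uint8_t *buf) {
    uint8_t *p = put_str(buf + 4, "provider", "gcp");
    p = put_str(p, "projectId", "PLACEHOLDER");
    p = put_str(p, "location", "global");
    p = put_str(p, "keyRing", "PLACEHOLDER");
    return (size_t)(end_doc(buf, put_str(p, "keyName", "PLACEHOLDER")) - buf);
}
int main(void) {
    uint8_t a[256], b[256];
    printf("%zu %zu\n", build_kms_providers(a), build_gcp_master_key(b));
    return 0;
}
```

Each buffer is wrapped with mongocrypt_binary_new_from_data before being passed to the matching setopt call. Binding code would normally get these bytes from its BSON library rather than encoding them by hand.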