Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-283

Support aws and local in new API

    XMLWordPrintableJSON

Details

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Minor - P4 Minor - P4
    • 1.1.0-beta1
    • None
    • None
    • None

    Description

      The new API is more generic to the KMS providers. Instead of KMS provider specific API, the GCP and Azure KMS providers can both be set through:

      bool
      mongocrypt_setopt_kms_providers (mongocrypt_t *crypt, mongocrypt_binary_t *kms_providers);
      

      kms_providers is a BSON document which accepts keys for "gcp" and "azure". It closely matches the spec, and means no additional API is necessary to support future fields or new KMS providers. Currently it only accepts "gcp" and "azure". It would simplify binding code to support "aws" and "local".

      Similarly, the key encryption key (aka masterKey) set for a create datakey operation can be set through:

      bool
      mongocrypt_ctx_setopt_key_encryption_key (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *bin);
      

      bin includes the "provider" field. That also only supports "gcp" and "azure" currently.

      Attachments

        Activity

          People

            kevin.albertson@mongodb.com Kevin Albertson
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: