-
Type: New Feature
-
Resolution: Fixed
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
The driver depends on libmongocrypt to create encrypted key material so it can insert into the key vault. The driver spec "Driver: Key Vault" describes the document that gets created. libmongocrypt is used to generate the "keyMaterial" field's value.
To do so, libmongocrypt should provide API that does the following:
- creates a data key (64 byte random string)
- asks the driver to encrypt the data key material with KMS by returning a mongocrypt_key_decryptor_t (being added in
CDRIVER-2949) - returns the final encrypted data key