Details
New Feature
Resolution: Fixed
Description
Background
WRITING-9378 proposes adding a new context to libmongocrypt to assist with driver implementation of the new ClientEncryption::rewrapManyDataKey method.
The ClientEncryption::rewrapManyDataKey method should create a context in libmongocrypt.
The libmongocrypt context should do the following:
- Enter the MONGOCRYPT_CTX_NEED_MONGO_KEYS state to request the driver "find" matching keys.
- Decrypt matching keys with the old KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
- Encrypt matching keys with the new KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
- ~~Enter a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update on the key vault collection with the new documents.~~
- Drivers are expected to run a bulk update after obtaining the rewrapped key documents with mongocrypt_ctx_finalize(), after which libmongocrypt has no further work to do. A new state was therefore deemed unnecessary.
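The state sequence above, as an added Python model of the driver loop (not code from this ticket or from libmongocrypt). `RewrapModel`, `toy_kms`, `rewrap_many` and the simplified key-document fields are hypothetical stand-ins; only the state names mirror the `MONGOCRYPT_CTX_*` states.

```python
import hashlib, hmac
from enum import Enum

class State(Enum):  # names mirror the MONGOCRYPT_CTX_* states
    NEED_MONGO_KEYS = 1
    NEED_KMS = 2
    READY = 3
    DONE = 4

def toy_kms(master: bytes, blob: bytes) -> bytes:
    # Constructed stand-in for a KMS wrap/unwrap call (XOR pad, NOT real crypto).
    pad = hmac.new(master, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob, pad))

class RewrapModel:
    """Hypothetical model of the rewrap context; not libmongocrypt's API."""
    def __init__(self):
        self.state, self.docs, self.phase = State.NEED_MONGO_KEYS, [], "decrypt"

    def feed_keys(self, docs):  # driver hands back its "find" results
        self.docs = [dict(d) for d in docs]
        self.state = State.NEED_KMS if self.docs else State.DONE

    def kms_done(self, results):  # one blob per key document, in order
        for doc, blob in zip(self.docs, results):
            doc["keyMaterial"] = blob
        if self.phase == "decrypt":
            self.phase = "encrypt"  # NEED_KMS is entered a second time
        else:
            self.state = State.READY

    def finalize(self, new_provider):  # rewrapped documents; no work remains
        self.state = State.DONE
        return [{**d, "masterKey": new_provider} for d in self.docs]

def rewrap_many(key_vault, old, new):
    """Driver loop; old/new are (provider name, master key bytes), constructed."""
    ctx, trace, updates = RewrapModel(), [], []
    (old_name, old_key), (new_name, new_key) = old, new
    while ctx.state is not State.DONE:
        trace.append(ctx.state.name)
        if ctx.state is State.NEED_MONGO_KEYS:
            ctx.feed_keys([d for d in key_vault if d["masterKey"] == old_name])
        elif ctx.state is State.NEED_KMS:
            key = old_key if ctx.phase == "decrypt" else new_key
            ctx.kms_done([toy_kms(key, d["keyMaterial"]) for d in ctx.docs])
        elif ctx.state is State.READY:
            for d in ctx.finalize(new_name):
                fields = {k: d[k] for k in ("masterKey", "keyMaterial")}
                updates.append(({"_id": d["_id"]}, {"$set": fields}))
    return trace, updates  # the driver now runs `updates` as one bulk write
```

The model never enters an update state: the bulk write happens in the driver after finalize, which is why MONGOCRYPT_CTX_NEED_UPDATE was not needed.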
Scope
- Support a new context in libmongocrypt to rewrap multiple data keys.
- ~~Add a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update.~~
Issue Links
- related to MONGOCRYPT-450 Remove unnecessary fields from rewrapManyDataKey result (Closed)