Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-394

Allow on-demand credentials for KMS providers other than AWS

    XMLWordPrintableJSON

Details

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Unknown Unknown
    • 1.4.0
    • None
    • None
    • None
    • Not Needed

    Description

      Background & Motivation

      MONGOCRYPT-382 adds support to passing credentials on-demand for only the "aws" KMS provider.

      On-demand credentials can be supplied by passing an empty document for "aws" in mongocrypt_setopt_kms_providers.

      Other KMS providers were out of scope for MONGOCRYPT-382. It is currently an error to pass an empty document for "azure", "gcp", "local", and "kmip".

      The proposed driver implementation of on-demand KMS providers intends to permit on-demand credentials for all KMS providers. See the conversation on this Java driver PR.

      Scope

      • Allow an empty document to be set for "azure", "gcp", "local", and "kmip" KMS providers.

      Attachments

        Activity

          People

            kevin.albertson@mongodb.com Kevin Albertson
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: