Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-394

Allow on-demand credentials for KMS providers other than AWS

    • Type: Icon: New Feature New Feature
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.4.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed

      Background & Motivation

      MONGOCRYPT-382 adds support to passing credentials on-demand for only the "aws" KMS provider.

      On-demand credentials can be supplied by passing an empty document for "aws" in mongocrypt_setopt_kms_providers.

      Other KMS providers were out of scope for MONGOCRYPT-382. It is currently an error to pass an empty document for "azure", "gcp", "local", and "kmip".

      The proposed driver implementation of on-demand KMS providers intends to permit on-demand credentials for all KMS providers. See the conversation on this Java driver PR.

      Scope

      • Allow an empty document to be set for "azure", "gcp", "local", and "kmip" KMS providers.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: