-
Type: New Feature
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
This ticket was split from DRIVERS-2280, please see that ticket for a detailed description.
- Call mongocrypt_setopt_use_need_kms_credentials_state to opt in to handling the new MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state. This is already implemented in the libmongocrypt Node bindings.
- Handle the new MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS state. (The Node state machine already has this case) If the originally configured KMS providers have an empty aws: {}, attempt to obtain AWS credentials following the logic of Obtaining Credentials (excluding the URI section) if the existing user provided callback doesn't fill them out. Pass the new credentials back with mongocrypt_ctx_provide_kms_providers
- Write integration tests in the driver that test that the AWS credentials can be found and used.
Please see the C driver implementation as a reference. Note: the C driver also supports a user-provided callback for KMS providers. That is not in scope of DRIVERS-2280.
- split from
-
DRIVERS-2280 Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS
- Closed