-
Type: Bug
-
Resolution: Fixed
-
Priority: Minor - P4
-
Affects Version/s: 6.3.0
-
Component/s: Client Side Encryption
What problem are you facing?
The AWS SDK when fetching credentials returns an extra "expiration" field which is invalid to pass to libmongocrypt and also not defined in the spec. The only valid fields to pass are accessKeyId, secretAccessKey, and sessionToken.
What driver and relevant dependency versions are you using?
Latest
Steps to reproduce?
- Create a new ClientEncryption with empty aws: {} options for kmsProviders to allow the SDK to fetch the credentials.
- Will fail with a MongoCryptError: Unexpected field: 'expiration'
AC:
- When loading the credentials from the SDK, if an expiration field is present then remove it.
- Investigate if we need to do more around potential refresh cases.
There are no Sub-Tasks for this issue.