- Type: Bug
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: Client Side Encryption
Use Case
As a FLE user using AWS on-demand credential fetching with temporary credentials
I want the driver to cache the AWS credential provider,
So that credential refresh is handled by the AWS SDK and new credentials are not fetched per-request.
This issue was fixed for MongoDB AWS authentication in NODE-5616, but because we erroneously closed NODE-4234, the issue was not also fixed for KMS credential refresh.
User Impact
A user relying on AWS KMS credential refresh may see extra calls to the STS endpoint, potentially overloading the STS server.
Dependencies
None.
Unknowns
None.
Acceptance Criteria
Implementation Requirements
- Update AWS KMS credential fetching in `aws.ts` to cache the AWS credential provider.
- The provider should be initialized on-demand the first time AWS KMS credentials are requested.
Testing Requirements
- tbd - we don't have prose tests for this auth mechanism.
Documentation Requirements
None.
Follow Up Requirements
None.
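The caching requirement under Implementation Requirements, as an added example that is not the driver's `aws.ts` or code from this ticket. `createProvider` is a constructed stand-in for an AWS SDK credential provider factory (assumed to keep credentials until they expire), and every function name is hypothetical; the example counts simulated STS calls when a provider is built per request versus created once on first use.

```typescript
// Added illustration; not the driver's aws.ts. All names are hypothetical.
interface AwsCredentials {
  accessKeyId: string;
  secretAccessKey: string;
  sessionToken: string;
  expiration: number; // epoch milliseconds
}
type Provider = () => Promise<AwsCredentials>;
let stsCalls = 0; // simulated round-trips to the STS endpoint
let clock = 0; // fake clock (ms) so the example runs offline
const TTL_MS = 60 * 60 * 1000; // constructed lifetime of temporary credentials

// Constructed stand-in for an SDK provider factory: each provider keeps its
// credentials and only goes back to STS once they have expired.
function createProvider(): Provider {
  let cached: AwsCredentials | undefined;
  return () => {
    let creds = cached;
    if (creds === undefined || clock >= creds.expiration) {
      stsCalls++;
      creds = cached = {
        accessKeyId: "CONSTRUCTED-KEY-ID",
        secretAccessKey: "constructed-secret",
        sessionToken: `constructed-token-${stsCalls}`,
        expiration: clock + TTL_MS,
      };
    }
    return Promise.resolve(creds);
  };
}

// Per-request behaviour: a new provider each time, so its cache is always empty.
function kmsCredentialsPerRequest(): Promise<AwsCredentials> {
  return createProvider()();
}
// Requested behaviour: one provider, created on first use and then reused.
let kmsProvider: Provider | undefined;
function kmsCredentialsCached(): Promise<AwsCredentials> {
  if (kmsProvider === undefined) kmsProvider = createProvider();
  return kmsProvider();
}

// Issue `requests` credential lookups `gapMs` apart and return the STS call count.
function countStsCalls(getCreds: Provider, requests: number, gapMs: number): number {
  stsCalls = 0; clock = 0; kmsProvider = undefined; // fresh state per run
  for (let i = 0; i < requests; i++) {
    void getCreds();
    clock += gapMs;
  }
  return stsCalls;
}
```

With the cached provider, STS is contacted only on first use and again when the simulated credentials expire; the per-request variant contacts it on every lookup.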
1. Fix GCP KMS Tests | NODE-6096 | Closed | Durran Jordan | 6.6.0
2. Fix Azure KMS Tests | NODE-6097 | Closed | Durran Jordan | 6.6.0