-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
As discussed in this comment from #1075:
I think we may need to consider how forking might affect FLE. Consider that this has a reference to two clients (its own and the key vault), and internal operations with the key vault client don't use our API that might conditionally call mongoc_client_reset when needed. I'm not sure how often the key vault client is used over the lifetime of the ClientEncryption object (or libmongoc in general), but perhaps we'll need to consider PID checks like we do for cursors and sessions when certain methods are called or this is destroyed.
There's probably a more general concern about auto encryption if the key vault is used over the lifetime of an application, too.
kevin.albertson confirmed that the key vault may be utilized for any operation that utilizes auto encryption, so there is definitely a "general concern" independent of ClientEncryption.
- is related to
-
PHPC-1293 Support Client-side Field Level Encryption (FLE)
- Released
-
CDRIVER-3491 mongoc_client_reset should reset key vault client
- Closed
-
PHPC-1274 Reset libmongoc client after forking to avoid interacting with parent resources in child processes
- Closed