Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Minor - P4
Fix Version/s: 3.7.2
Affects Version/s: None
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:
Hide

Configure a mongod with security.kmip.rotateMasterKey like the following:

security: enableEncryption: true kmip: rotateMasterKey: false serverName: localhost port: 6666 ...

Start the mongod

In corresponding mongod log, look for master key rotation related entries. For instance:

2018-01-18T00:24:25.408+0000 I STORAGE [initandlisten] Rotated master encryption key from id 2 to id 4.
Show
Configure a mongod with security.kmip.rotateMasterKey like the following: security: enableEncryption: true kmip: rotateMasterKey: false serverName: localhost port: 6666 ... Start the mongod In corresponding mongod log, look for master key rotation related entries. For instance: 2018-01-18T00:24:25.408+0000 I STORAGE [initandlisten] Rotated master encryption key from id 2 to id 4.
Case:

Hi,

According to the document security.kmip.rotateMasterKey is boolean. However, the value of this option in configuration files does not matter. So long as this option presents in a configuration file, be it "true" or "false", rotate master key is enabled. The only way to disable it is to remove this option from the configuration file. I think this is a little confusing. I expected setting the value to "false" should do the same as taking this option out of the configuration file, just as how other boolean options work.

Regards,
Lungang

Assignee:: Mark Benvenuto

Reporter:: Lungang Fang

Participants:: Githook User, Lungang Fang, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: Jan 18 2018 12:30:16 AM UTC

Updated:: Oct 30 2023 11:09:14 PM UTC

Resolved:: Jan 29 2018 04:43:06 PM UTC

Details

Description

Attachments

Activity

People

Dates