Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32752

setting security.kmip.rotateMasterKey to false in configuration files does not work as expected

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor - P4 Minor - P4
    • 3.7.2
    • None
    • Security
    • None
    • Fully Compatible
    • ALL
    • Hide
      • Configure a mongod with security.kmip.rotateMasterKey like the following:

        security:
           enableEncryption: true
           kmip:
              rotateMasterKey: false
              serverName: localhost
              port: 6666
              ...
        

      • Start the mongod
      • In corresponding mongod log, look for master key rotation related entries. For instance:

        2018-01-18T00:24:25.408+0000 I STORAGE  [initandlisten] Rotated master encryption key from id 2 to id 4.
        

      Show
      Configure a mongod with security.kmip.rotateMasterKey like the following: security: enableEncryption: true kmip: rotateMasterKey: false serverName: localhost port: 6666 ... Start the mongod In corresponding mongod log, look for master key rotation related entries. For instance: 2018-01-18T00:24:25.408+0000 I STORAGE [initandlisten] Rotated master encryption key from id 2 to id 4.

    Description

      Hi,

      According to the document security.kmip.rotateMasterKey is boolean. However, the value of this option in configuration files does not matter. So long as this option presents in a configuration file, be it "true" or "false", rotate master key is enabled. The only way to disable it is to remove this option from the configuration file. I think this is a little confusing. I expected setting the value to "false" should do the same as taking this option out of the configuration file, just as how other boolean options work.

      Regards,
      Lungang

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            lungang.fang@mongodb.com Lungang Fang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: