  1. Core Server
  2. SERVER-44044

Remove unused second parameter from KeyVault.createDataKey()

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.1
    • Component/s: Security, Shell
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.2
    • Sprint:
      Security 2019-11-04, Security 2019-11-18

      Description

      In the 4.2 mongo shell, KeyVault.createKey() takes three parameters. The second parameter customerMasterKey indicates that the user should set a CMK for the local KMS.

      From discussions, this appears to be a vestigial parameter in the context of the local KMS that is ultimately not used. The generateDataKey method eventually boils down to a kms_local.encrypt where the specified CMK is unused.

      The documentation will be modified to have users input an empty string ("") for the parameter. To clean this up, the second parameter should be optional (or rejected?) when kms = "local".
