[SERVER-44044] Remove unused second parameter from KeyVault.createDataKey() - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.3.1, 4.2.3
Component/s: Security, Shell
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.2
Sprint:
Security 2019-11-04, Security 2019-11-18

Description

In the 4.2 mongo shell, KeyVault.createKey() takes three parameters. The second parameter customerMasterKey indicates that the user should set a CMK for the local KMS.

From discussions, this appears to be a vestigial parameter in the context of the local KMS that is ultimately not used. The generateDataKey method eventually boils down to an kms_local.encrypt where the specified CMK is unused.

The documentation will be modified to have users input an empty string ("") for the parameter. To clean this up, the second parameter should be optional (or rejected?) when kms = "local" .

Attachments

Issue Links

is documented by

DOCS-13121 Investigate changes in SERVER-44044: Remove unused second parameter from KeyVault.createDataKey()

Closed

Activity

People

Assignee:: Shreyas Kalyan

Reporter:: Ravind Kumar (Inactive)

Participants:: Bernie Hackett, Githook User, Kenneth White, Kevin Albertson, Ravind Kumar, Shreyas Kalyan

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: Oct 16 2019 03:23:21 PM UTC

Updated:: Jan 24 2020 06:02:18 AM UTC

Resolved:: Nov 05 2019 08:22:43 PM UTC