Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-2913

Interactive password prompt for TLS encrypted private keys

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Scheduled
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 100.6.0
    • Component/s: None
    • Labels:
      None
    • Case:

      Description

      Problem Statement/Rationale

      Old tools used to ask for a password interactively. This is no longer the case with new tools.

      Steps to Reproduce

      Point mongodump to a client certificate that has an encrypted private key (PKCS#5 or PKCS#8)

      Expected Results

      The utility unwraps the private key and leaves no trace of the password neither in the process table or in a configuration file on the disk

      Actual Results

      The utility fails with the can't load client certificate: no password provided to decrypt private key error

      Additional Notes

      The customer can't use a configuration file or the --sslPEMKeyPassword command-line parameter due to compliance reasons

        Attachments

          Activity

            People

            Assignee:
            robert.walters Robert Walters
            Reporter:
            andrey.brindeyev Andrey Brindeev
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: