[DRIVERS-1463] Support authentication credential rotation Created: 01/Dec/20  Updated: 21/Jun/23  Resolved: 21/Jun/23

Status: Closed
Project: Drivers
Component/s: Security
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Frank Derwin (Inactive) Assignee: Rachelle Palmer
Resolution: Won't Do Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split to JAVA-3896 Support authentication credential rot... Closed
Related
Cost Threshold %: 100
Driver Compliance:
Key Status/Resolution FixVersion
JAVA-3896 Won't Do

 Description   

The driver should provide support for rotating authentication credentials:

  • The customer may opt to rotate a specific credential (a password, client keytab, or a re-issued client certificate - when your private key will be the old one or a new one and the certificate will always be updated), or both the username and its credential
  • Drivers must support authentication hooks/override methods to handle custom logic. For example: when an external vault processes the password change, it will have a delay before the SCRAM / PLAIN password gets changed in the MongoDB Server / LDAP server. The customer-provided code will take care of this.
  • Once a MongoDB connection went through the authentication step, the driver no longer needs a credential. However, we must allow for customers to choose between two following scenarios: a) drain the existing connections ASAP and create a bunch of new ones using a new credential; b) keep the existing connections as long as needed, potentially until the next restart of the MongoDB Server instance or until the application code decides to re-authenticate using them.


 Comments   
Comment by Selvakumar Periyasamy [ 24/Aug/22 ]

Team,

Can we get the same feature of rotating credentials with the Node JS MongoDB driver as well.

Comment by PM Bot [ 27/Jan/22 ]

If you are not logged in, you can view the tickets in this epic by following this link.

Comment by PM Bot [ 18/Jan/22 ]

If you are not logged in, you can view the tickets in this epic by following this link.

Generated at Thu Feb 08 08:23:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.