[DRIVERS-1960] Make read concern and write concern for key vault configurable Created: 20/Oct/21  Updated: 15/Nov/22

Status: Backlog
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Spec Change Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Unassigned
Resolution: Unresolved Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to JAVA-4362 KeyRetriever uses majority read conce... Blocked
is related to GODRIVER-2648 Mongo FLE keyvault collection has har... Backlog
Driver Changes: Needed

 Description   

Summary

Make read concern and write concern for key vault configurable.

Motivation

Client Side Encryption requires majority read and write concern for operations:

For key management functions that require creating, updating, or deleting key documents in the key vault collection, the corresponding operations MUST be done with write concern majority.

For encryption/decryption and key management functions that require reading key documents from the key vault collection, the corresponding operations MUST be done with read concern majority.

This prohibits use of clusters where majority read concern has been disabled by adding an option to the encryption settings allowing the read concern to be specified.

Who is the affected end user?

Operations teams that have disabled majority read concern as per our documentation. 

How does this affect the end user?

End users may be blocked if dev ops are not willing or able to re-enable majority read concern.  But there is a workaround: enable majority read concern. 

How likely is it that this problem or use case will occur?

We've heard about this from 2 users since the release of field level encryption, so it does not seem particularly common.

If the problem does occur, what are the consequences and how severe are they?

Unable to use field level encryption

Is this issue urgent?

Unclear whether it's urgent for the user that reported it.

Is this ticket required by a downstream team?

No

Is this ticket only for tests?

No



 Comments   
Comment by Jeffrey Yemin [ 20/Oct/21 ]

Alternatives considered:

  1. Do nothing
  2. Document that users must enable majority read concern to use field level encryption
Generated at Thu Feb 08 08:24:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.