[DRIVERS-2296] Allow ClientEncryptionOpts.keyVaultClient to be optional if ClientEncryption object is created via a MongoClient
Created: 26/Apr/22
Updated: 23/May/22

Status: Backlog
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Spec Change
Priority: Minor - P4
Reporter: Jeremy Mikola
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to DRIVERS-2017 Add ClientEncryption entity and Key M... Closed
Driver Changes: Not Needed

Description

Summary

In this PR comment thread for DRIVERS-2017, I realized that keyVaultClient is a required option of ClientEncryptionOpts (see: ClientEncryption in the CSFLE spec). The CSFLE spec never explicitly discussed how ClientEncryption objects should be created, but one can infer that by requiring keyVaultClient they should be constructed independently of a MongoClient object.

In PHPC, ClientEncryption objects have historically been constructed through the client object (i.e. MongoDB\Driver\Manager::createClientEncryption()). Therefore, keyVaultClient is optional and defaults to the parent client, similar to AutoEncryptionOpts.

If PHPC is not alone in allowing ClientEncryption objects to be constructed through a MongoClient, I'd propose that the spec allow ClientEncryptionOptions.keyVaultClient to be optional in such an API. If not, we can close this out and I'll open a PHPC ticket to allow ClientEncryption to be constructed directly (with a required keyVaultClient option).

Motivation

Is this issue urgent?

No.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

No.

