[DRIVERS-2389] Add session support to the key management API Created: 14/Jul/22  Updated: 19/Jul/22

Status: Backlog
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Spec Change Priority: Unknown
Reporter: Bailey Pearson Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DRIVERS-1937 Support explicit sessions in CSFLE au... Backlog
Driver Changes: Needed

 Description   

Summary

The key management specification currently leaves the implementation of sessions in the Key Management API as optional for drivers to implement (see https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#support-sessions-in-key-management-functions).  Session support should be added to the key management functions so that users can provide explicit sessions to their key management operations.

An additional consideration would be to provide a mechanism for users to create explicit sessions from the ClientEncryption interface, to ensure that any sessions explicit sessions with the key management API are created by the correct client (the key vault client).

Motivation

Who is the affected end user?

Any user of CSFLE.

How does this affect the end user?

Currently, users do not have a mechanism to provide a session to the key management API.  As a result, the key vault can only be accessed by a single client at a time.

How likely is it that this problem or use case will occur?

Sessions currently are not supported on the ClientEncryption object, so unlikely.

If the problem does occur, what are the consequences and how severe are they?

If a user did attempt to access the key vault with multiple clients (without support for sessions and transactions), it is conceivable that they could end up with the keyvault in an invalid state.

Is this issue urgent?

No.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

No.


Generated at Thu Feb 08 08:25:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.