[JAVA-3896] Support authentication credential rotation Created: 24/Nov/20 Updated: 21/Jun/23 Resolved: 21/Jun/23 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Frank Derwin (Inactive) | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 3 |
| Labels: | rp-track |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Case: | (copied to CRM) |
| Description |
|
The driver should provide support for rotating authentication credentials:
|
| Comments |
| Comment by Jeffrey Yemin [ 21/Jun/23 ] |
|
FYI, this was closed because we're converging on an OIDC-based solution to credential rotation. |
| Comment by Mark Paluch [ 22/Aug/22 ] |
|
FWIW, a MongoCredentialProvider providing MongoCredential could be a neat approach to let a component produce a credentials object once the driver wants to authenticate with a server. A MongoCredentialProvider could be e.g. implemented by Spring Cloud Vault to provide a backend that rotates credentials on the server side and provides the updated credentials to the application. |
| Comment by Peter Lewis [ 24/Jun/21 ] |
|
This is also an issue for us. Compliance with ISO 27001 requires that we rotate our credentials, but there is no effective "hook" to allow those Java client connections that previously authenticated with old credentials to reauthenticate with the new credentials. Restarting the application is not acceptable, unfortunately (such as via pod restart, for example), so we need a way of gracefully continuing a connection without resorting to workarounds. Is there a way of extending the connection listener (or something similar) to trap authentication errors and allow reauthentication once the connection has been established (and then later experiences a failure)?
|
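The provider pattern discussed in the comments, sketched as an added example; it is not code from this ticket, its commenters, or the MongoDB Java driver. Every type and method here (`Credential`, `CredentialProvider`, `CachingProvider`, `handshake`) is hypothetical, and the server and secrets backend are simulated in-process. It shows credentials being fetched at authentication time and refetched once after an authentication failure, so a rotation does not require an application restart.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

public class RotationSketch {
    // Hypothetical types for illustration; none of these exist in the MongoDB Java driver.
    record Credential(String user, String password) {}

    interface CredentialProvider {
        Credential get();      // consulted every time a connection must authenticate
        void invalidate();     // called when the server rejects the cached credential
    }

    // Caches what the backend (e.g. a secrets manager) returns; refetches after ttl or invalidate().
    static final class CachingProvider implements CredentialProvider {
        private final Supplier<Credential> backend;
        private final Duration ttl;
        private Credential cached;
        private Instant fetchedAt = Instant.EPOCH;

        CachingProvider(Supplier<Credential> backend, Duration ttl) {
            this.backend = backend;
            this.ttl = ttl;
        }
        public synchronized Credential get() {
            if (cached == null || Instant.now().isAfter(fetchedAt.plus(ttl))) {
                cached = backend.get();
                fetchedAt = Instant.now();
            }
            return cached;
        }
        public synchronized void invalidate() { cached = null; }
    }

    // Simulated server side: only the currently valid password is accepted.
    static String serverPassword = "pw-1"; // constructed sample value
    static boolean authenticate(Credential c) { return c.password().equals(serverPassword); }

    // Authentication step with a single retry using freshly fetched credentials.
    static boolean handshake(CredentialProvider p) {
        if (authenticate(p.get())) return true;
        p.invalidate(); // the cached secret was rotated away on the server
        return authenticate(p.get());
    }

    public static void main(String[] args) {
        CredentialProvider p = new CachingProvider(
            () -> new Credential("app", serverPassword), Duration.ofHours(1));
        System.out.println("before rotation: " + handshake(p));
        serverPassword = "pw-2"; // rotation happens on the server side
        System.out.println("after rotation:  " + handshake(p));
    }
}
```

The single retry bounds the number of failed attempts per handshake, which keeps a genuinely revoked account from generating a stream of authentication failures against the server.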