[JAVA-4499] Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS Created: 16/Feb/22  Updated: 28/Oct/23  Resolved: 23/Mar/22

Status: Closed
Project: Java Driver
Component/s: Client Side Encryption
Affects Version/s: None
Fix Version/s: 4.6.0

Type: Epic Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: QP-priority
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on MONGOCRYPT-393 Support on-demand credentials in Java... Closed
Documented
Related
is related to JAVA-4604 Obtain AWS credentials for CSFLE in t... Closed
is related to DRIVERS-2280 Obtain AWS credentials for CSFLE in t... Closed
Quarter: FY23Q1
Documentation Changes: Needed
Start date:
End date:
Calendar Time: 6 weeks, 2 days
Scope Cost Estimate: 5
Cost to Date: 3
Final Cost Estimate: 3
Cost Threshold %: 100
Detailed Project Statuses:

Engineer(s): Jeff

Summary: Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials. In addition, it supports obtaining credentials from an application-provided callback (see JAVA-4295).

With CSFLE, in contrast, AWS credentials must be provided explicitly via the kmsProviders property of AutoEncryptionSettings or ClientEncryptionSettings.

This epic will add equivalent support in CSFLE as is already provided for MONGODB-AWS.

2022-03-22: Maintaining target end date of 2022-04-01

  • Support application callback to obtain credentials in code review. This is the last piece of work needed to wrap this up
  • Goldman has agreed to test a pre-release

2022-03-08: Updated target end date to 2022-04-01

  • libmongocrypt wrapper support in code review
  • Refactoring of MONGDB-AWS code is complete

2022-02-22: Setting initial target end date to 2022-03-25

  • Jeff started on the refactoring work which is independent of the mongocrypt work late last week and that's currently in review
  • The remaining tickets are blocked on MONGOCRYPT-382 which is currently in review
  • Jeff is OOO this week


 Description   

Currently, for MONGODB-AWS authentication mechanism the driver obtains the credentials according to the rules specified in https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials. In addition, it supports obtaining credentials from an application-provided callback (see JAVA-4295).

With CSFLE, in contrast, AWS credentials must be provided explicitly via the kmsProviders property of AutoEncryptionSettings or ClientEncryptionSettings.

This epic will add equivalent support in CSFLE as is already provided for MONGODB-AWS.



 Comments   
Comment by PM Bot [ 16/Feb/22 ]

If you are not logged in, you can view the tickets in this epic by following this link.

Generated at Thu Feb 08 09:02:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.