[KAFKA-192] Support FLE in the Kafka connector Created: 08/Feb/21  Updated: 04/Jan/24

Status: Backlog
Project: Kafka Connector
Component/s: None
Affects Version/s: None
Fix Version/s: 1.12.0

Type: Epic Priority: Major - P3
Reporter: Ross Lawley Assignee: Unassigned
Resolution: Unresolved Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Quarter: FY24Q4
Case:

 Description   
Epic Summary

Summary
Provide FLE support for the Mongo Kafka Connector

Motivation
The Java driver supports Field Level Encryption (FLE). Users may want to encrypt data from their Kafka topics and store it in MongoDB.

Its also possible Change stream data may contain encrypted data that is needed to decrypted before publishing to a topic.

Cast of Characters

Engineering Lead:
Document Author:
POCers:
Product Owner:
Program Manager:
Stakeholders:

Documentation

[Scope Document|some.url]
[Technical Design Document|some.url]



 Comments   
Comment by Ashish Singh [ 24/Aug/23 ]

robert.walters@mongodb.com We plan to use automatic encryption/decryption with customer key managed via AWS KMS. User should be able to configure the connector with details like key vault, kms provider etc. which would be used for auto encryption.

Do you have a tentative timeline when this version would be available for use. This would help us plan and prioritize the backlog items.

Comment by Robert Walters [ 24/Aug/23 ]

ashishsingh894@gmail.com It is targeted for 1.12 but might not end up in this next release depending on the implementation details.

 

Can you describe what you expect from a user experience configuring and using CSFLE?  Are you looking for automatic encryption/decryption?  what key vault management solution do you use ?

Comment by Ashish Singh [ 24/Aug/23 ]

Thanks ross@mongodb.com - Seems this feature would be available on connector version 1.12, I see v1.10 is the latest one as per the official connector documentation.

Please update the Jira status accordingly.

 

Comment by Ashish Singh [ 14/Aug/23 ]

Working on a use case that demands encrypting sensitive data like customer card information while kafka connect writes to mongo via mongodb sink connector. Currently CSFLE isn't supported on the java driver which hampers us since built-in automatic encryption capability can't be used for now.    Can you re-prioritize this issue to get this feature enabled in near future. 

Generated at Thu Feb 08 09:05:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.