[MONGOCRYPT-283] Support aws and local in new API Created: 26/Sep/20  Updated: 28/Oct/23  Resolved: 13/Oct/20

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.1.0-beta1

Type: New Feature Priority: Minor - P4
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: MONGOCRYPT-250

 Description   

The new API is more generic to the KMS providers. Instead of a KMS-provider-specific API, the GCP and Azure KMS providers can both be set through:

bool
mongocrypt_setopt_kms_providers (mongocrypt_t *crypt, mongocrypt_binary_t *kms_providers);

kms_providers is a BSON document which accepts keys for "gcp" and "azure". It closely matches the spec, and means no additional API is necessary to support future fields or new KMS providers. Currently it only accepts "gcp" and "azure". It would simplify binding code to support "aws" and "local".

Similarly, the key encryption key (aka masterKey) set for a create datakey operation can be set through:

bool
mongocrypt_ctx_setopt_key_encryption_key (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *bin);

bin includes the "provider" field. That also only supports "gcp" and "azure" currently.



 Comments   
Comment by Githook User [ 13/Oct/20 ]

Author: Kevin Albertson <kevin.albertson@mongodb.com> (kevinAlbs)

Message: MONGOCRYPT-283 consolidate KEK and KMS provider API (#116)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/509ae2ec26000b9351e322d38b06b3a0d1aa873f

Comment by Kevin Albertson [ 08/Oct/20 ]

PR: https://github.com/mongodb/libmongocrypt/pull/116

Comment by Kevin Albertson [ 02/Oct/20 ]

Additionally, AWS and local options for creating a data key, and parsing a key document, should be represented in a union.
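
The union representation suggested in the comment above, sketched as an added example (not libmongocrypt's code and not part of the ticket): one tagged union holds the key encryption key for every provider, and a single parser dispatches on the "provider" field and fails closed. The type names, the `kv_t` stand-in for BSON fields, and the per-provider field names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical types for illustration; not libmongocrypt's definitions. */
typedef enum { KEK_NONE = 0, KEK_AWS, KEK_LOCAL, KEK_AZURE, KEK_GCP } kek_provider_t;
typedef struct {
    kek_provider_t provider; /* tag: says which union member is valid */
    union {                  /* "local" needs no member: it has no extra fields */
        struct { const char *region, *cmk; } aws;
        struct { const char *key_vault_endpoint, *key_name; } azure;
        struct { const char *project_id, *location, *key_ring, *key_name; } gcp;
    } u;
} kek_t;

/* Constructed stand-in for one string field of the BSON document. */
typedef struct { const char *name, *value; } kv_t;
static const char *find(const kv_t *kv, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(kv[i].name, name) == 0) return kv[i].value;
    return NULL;
}

/* Parse into *out. Fails closed: an unknown provider or a missing required
 * field leaves *out zeroed (KEK_NONE). Field names are assumed. */
bool kek_parse(const kv_t *kv, size_t n, kek_t *out) {
    kek_t k;
    const char *p = find(kv, n, "provider");
    bool ok = false;
    memset(&k, 0, sizeof k);
    memset(out, 0, sizeof *out);
    if (!p) return false;
    if (strcmp(p, "aws") == 0) {
        k.provider = KEK_AWS;
        ok = (k.u.aws.region = find(kv, n, "region")) && (k.u.aws.cmk = find(kv, n, "key"));
    } else if (strcmp(p, "local") == 0) {
        k.provider = KEK_LOCAL; ok = true;
    } else if (strcmp(p, "azure") == 0) {
        k.provider = KEK_AZURE;
        ok = (k.u.azure.key_vault_endpoint = find(kv, n, "keyVaultEndpoint")) &&
             (k.u.azure.key_name = find(kv, n, "keyName"));
    } else if (strcmp(p, "gcp") == 0) {
        k.provider = KEK_GCP;
        ok = (k.u.gcp.project_id = find(kv, n, "projectId")) && (k.u.gcp.location = find(kv, n, "location")) &&
             (k.u.gcp.key_ring = find(kv, n, "keyRing")) && (k.u.gcp.key_name = find(kv, n, "keyName"));
    }
    if (ok) *out = k; /* the tag and its member are published together, or not at all */
    return ok;
}
```

Callers read only the union member selected by `provider`; because a failed parse leaves `KEK_NONE`, a caller that ignores the return value still cannot act on a half-filled key description.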
