[MONGOCRYPT-382] Support on-demand credentials Created: 15/Feb/22 Updated: 28/Oct/23 Resolved: 08/Mar/22 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | C library |
| Affects Version/s: | None |
| Fix Version/s: | 1.4.0-alpha0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Description |
|
Background & Motivation KMS credentials are set on a mongocrypt_t with mongocrypt_setopt_kms_providers. Once set, the KMS credentials cannot be changed for the lifetime of the mongocrypt_t. This poses a problem for users wanting to use temporary credentials that may expire. There is no way to update the credentials on a mongocrypt_t Here is an example of getting AWS temporary credentials and using them with Go driver for CSFLE. Scope
|
| Comments |
| Comment by Githook User [ 07/Mar/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: |
| Comment by Bailey Pearson [ 07/Mar/22 ] |
|
Hey anna.henningsen - Looks like the PR related to this work broke a couple of the node driver's tests in CI (failing build here). Reverting the PR and pointing our tests to the revert commit passes - https://spruce.mongodb.com/version/622672dba4cf4739fb6b571c/tasks. These tests didn't run in CI for libmongocrypt because they require a MongoClient that's connected to a live server. Related node ticket to track so that the work isn't lost - https://jira.mongodb.org/browse/NODE-4065. |
| Comment by Githook User [ 04/Mar/22 ] |
|
Author: {'name': 'Anna Henningsen', 'email': 'anna@addaleax.net', 'username': 'addaleax'}Message: |