[MONGOCRYPT-394] Allow on-demand credentials for KMS providers other than AWS Created: 04/Mar/22  Updated: 28/Oct/23  Resolved: 17/Mar/22

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.0

Type: New Feature Priority: Unknown
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DRIVERS-2017 Add ClientEncryption entity and Key M... Closed
Binding Changes: Not Needed

 Description   

Background & Motivation

MONGOCRYPT-382 adds support to passing credentials on-demand for only the "aws" KMS provider.

On-demand credentials can be supplied by passing an empty document for "aws" in mongocrypt_setopt_kms_providers.

Other KMS providers were out of scope for MONGOCRYPT-382. It is currently an error to pass an empty document for "azure", "gcp", "local", and "kmip".

The proposed driver implementation of on-demand KMS providers intends to permit on-demand credentials for all KMS providers. See the conversation on this Java driver PR.

Scope

  • Allow an empty document to be set for "azure", "gcp", "local", and "kmip" KMS providers.


 Comments   
Comment by Githook User [ 17/Mar/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-394 Allow on-demand credentials for KMS providers other than AWS (#269)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/3016bb69032f82ebd7675e73072c1901c841312e

Generated at Thu Feb 08 09:08:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.