[SERVER-32752] setting security.kmip.rotateMasterKey to false in configuration files does not work as expected Created: 18/Jan/18  Updated: 30/Oct/23  Resolved: 29/Jan/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.7.2

Type: Bug Priority: Minor - P4
Reporter: Lungang Fang Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:
  • Configure a mongod with security.kmip.rotateMasterKey like the following:

    security:
       enableEncryption: true
       kmip:
          rotateMasterKey: false
          serverName: localhost
          port: 6666
          ...
    

  • Start the mongod
  • In corresponding mongod log, look for master key rotation related entries. For instance:

    2018-01-18T00:24:25.408+0000 I STORAGE  [initandlisten] Rotated master encryption key from id 2 to id 4.
    

Participants:
Case:

 Description   

Hi,

According to the document security.kmip.rotateMasterKey is boolean. However, the value of this option in configuration files does not matter. So long as this option presents in a configuration file, be it "true" or "false", rotate master key is enabled. The only way to disable it is to remove this option from the configuration file. I think this is a little confusing. I expected setting the value to "false" should do the same as taking this option out of the configuration file, just as how other boolean options work.

Regards,
Lungang



 Comments   
Comment by Githook User [ 29/Jan/18 ]

Author:

{'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto', 'username': 'markbenvenuto'}

Message: SERVER-32752 Cast switch type parameters to bool
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/cbd9fd4d9c5e4465563502dce5d802bb42327e82

Generated at Thu Feb 08 04:31:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.