[SERVER-44044] Remove unused second parameter from KeyVault.createDataKey() Created: 16/Oct/19 Updated: 29/Oct/23 Resolved: 05/Nov/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Shell |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.1, 4.2.3 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Ravind Kumar (Inactive) | Assignee: | Shreyas Kalyan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Backport Requested: |
v4.2
|
||||||||||||||||
| Sprint: | Security 2019-11-04, Security 2019-11-18 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
In the 4.2 mongo shell, KeyVault.createKey() takes three parameters. The second parameter customerMasterKey indicates that the user should set a CMK for the local KMS. From discussions, this appears to be a vestigial parameter in the context of the local KMS that is ultimately not used. The generateDataKey method eventually boils down to an kms_local.encrypt where the specified CMK is unused. The documentation will be modified to have users input an empty string ("") for the parameter. To clean this up, the second parameter should be optional (or rejected?) when kms = "local" . |
| Comments |
| Comment by Githook User [ 03/Jan/20 ] | ||||
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@mongodb.com', 'username': 'shreyaskal'}Message: (cherry picked from commit 05aec2872159cf583fe8655ca55f4bf70268efcf) | ||||
| Comment by Githook User [ 03/Jan/20 ] | ||||
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@mongodb.com', 'username': 'shreyaskal'}Message: (cherry picked from commit 0a325880da7d34f4eed430b372fc43a35132a4f3) | ||||
| Comment by Githook User [ 05/Nov/19 ] | ||||
|
Author: {'username': 'shreyaskal', 'email': 'shreyas.kalyan@mongodb.com', 'name': 'Shreyas Kalyan'}Message: | ||||
| Comment by Githook User [ 05/Nov/19 ] | ||||
|
Author: {'username': 'shreyaskal', 'email': 'shreyas.kalyan@mongodb.com', 'name': 'Shreyas Kalyan'}Message: | ||||
| Comment by Kevin Albertson [ 16/Oct/19 ] | ||||
|
The API for drivers already specifies the masterKey as a BSON document to closely correspond to the masterKey schema of document in the key vault collection and not to tie arguments to AWS specifics:
The spec notes that it is required for AWS, but not applicable for local:
So I do not think we need to make a change in drivers. | ||||
| Comment by Ravind Kumar (Inactive) [ 16/Oct/19 ] | ||||
|
As a sidebar, I noticed in the java driver docs we aren't making clear the relationship between the `DataKeyOpts.masterKey` value and `kmsProvider`. Without an example, a user cannot know that aws requires `masterKey` and `local` ignores it. Not sure how consistent we are across driver docs on making the relationship consistent. | ||||
| Comment by Kenneth White [ 16/Oct/19 ] | ||||
|
I have an example of how this looks for shell with a local key here (line 50): | ||||
| Comment by Bernie Hackett [ 16/Oct/19 ] | ||||
|
kevin.albertson jeff.yemin, do we already have a ticket to track this work in drivers? | ||||
| Comment by Ravind Kumar (Inactive) [ 16/Oct/19 ] | ||||
|
Kenn pointed out that there might be driver-side changes depending on what drivers do with the CMK for local KMS. If we are universally throwing away the CMK for local KMS, I think its worth logging a warning that the CMK value is ignored for local KMS (just so there are no surprises) and updating driver docs to state the same. |