[SERVER-53081] Extend KMSService to support BSONObj cmks Created: 25/Nov/20 Updated: 29/Oct/23 Resolved: 08/Dec/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2020-12-14 |
| Participants: |
| Description |
|
Today, KMSService only supports encryptDataKey where a cmk is identified by a string. This does not support the needs of Azure and GCP which need their key information defined by BSON. KMService should be extended as follows:
change EncryptedDBClientBase::generateDataKey to dispatch to the right encryptDataKey depending on type of the parameter, and adjust the type checking in KeyVault::_createKey. |
| Comments |
| Comment by Githook User [ 15/Mar/21 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 30d7437961ad9dffbad2d99e2a32947c02637c89) |
| Comment by Githook User [ 07/Dec/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |