[SERVER-53081] Extend KMSService to support BSONObj cmks Created: 25/Nov/20  Updated: 29/Oct/23  Resolved: 08/Dec/20

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Security 2020-12-14
Participants:

 Description   

Today, KMSService only supports encryptDataKey where a cmk is identified by a string. This does not support the needs of Azure and GCP, which need their key information defined by BSON.

KMSService should be extended as follows:

  • add virtual StringData name() const = 0;
  • add virtual BSONObj encryptDataKey(ConstDataRange cdr, BSONObj keyId);
  • change the existing encryptDataKey to be non-abstract
  • create default implementations of encryptDataKey that throw errors saying the key format is unsupported.

Change EncryptedDBClientBase::generateDataKey to dispatch to the right encryptDataKey depending on the type of the parameter, and adjust the type checking in KeyVault::_createKey.
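
A sketch of the interface shape described above, added here as an illustration and not taken from the MongoDB source: both encryptDataKey overloads get throwing defaults, so a provider that is handed a key id in a format it does not implement fails closed. `Bytes`, `Doc` and `KeyId` are stand-ins for ConstDataRange, BSONObj and the shell value; the return type of the string overload, the provider names, the `keyName` field and `dispatchDataKey` are assumptions.

```cpp
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-ins (assumptions) for ConstDataRange and BSONObj; not MongoDB's types.
typedef std::vector<unsigned char> Bytes;
typedef std::map<std::string, std::string> Doc;
struct KeyId { bool isDoc; std::string str; Doc doc; };  // models "string or document"

class KMSService {
public:
    virtual ~KMSService() {}
    virtual std::string name() const = 0;
    // Both overloads are non-abstract; the defaults fail closed on an unsupported format.
    virtual Bytes encryptDataKey(const Bytes&, const std::string&) {
        throw std::invalid_argument(name() + ": string key id unsupported");
    }
    virtual Doc encryptDataKey(const Bytes&, const Doc&) {
        throw std::invalid_argument(name() + ": document key id unsupported");
    }
};

// Hypothetical providers. No KMS call is made: outputs are placeholders, not ciphertext.
struct StringKeyKms : KMSService {
    using KMSService::encryptDataKey;  // keep the other overload visible
    std::string name() const override { return "stringKeyed"; }
    Bytes encryptDataKey(const Bytes& k, const std::string&) override { return Bytes(k.size(), 0); }
};
struct DocKeyKms : KMSService {
    using KMSService::encryptDataKey;
    std::string name() const override { return "docKeyed"; }
    Doc encryptDataKey(const Bytes&, const Doc& id) override {
        if (!id.count("keyName")) throw std::invalid_argument("docKeyed: keyName missing");
        return Doc{{"provider", name()}, {"keyName", id.at("keyName")}};
    }
};

// Dispatch on the key id's type, as the ticket asks of generateDataKey.
// Returns "ok" or the error text so the caller can see which path rejected the key.
std::string dispatchDataKey(KMSService& kms, const Bytes& dataKey, const KeyId& cmk) {
    try {
        if (cmk.isDoc) kms.encryptDataKey(dataKey, cmk.doc);
        else kms.encryptDataKey(dataKey, cmk.str);
        return "ok";
    } catch (const std::invalid_argument& e) {
        return e.what();
    }
}
```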



 Comments   
Comment by Githook User [ 15/Mar/21 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-53081 Extend KMSService to support BSONObj customer master keys

(cherry picked from commit 30d7437961ad9dffbad2d99e2a32947c02637c89)
Branch: v4.4
https://github.com/mongodb/mongo/commit/02d1505c04ae7460aa647aa9811942c931f9e9db

Comment by Githook User [ 07/Dec/20 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-53081 Extend KMSService to support BSONObj customer master keys
Branch: master
https://github.com/mongodb/mongo/commit/30d7437961ad9dffbad2d99e2a32947c02637c89
