[SERVER-54060] Implement a switch over between local master encryption key and KMIP master encryption key Created: 26/Jan/21  Updated: 11/Jul/23

Status: Investigating
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Minor - P4
Reporter: Andrey Brindeyev Assignee: Salman Baset
Resolution: Unresolved Votes: 9
Labels: rp-track
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Case:

 Description   

The existing procedure for the switch over from a local master encryption key to a KMIP master encryption key for the Encryption-at-Rest feature requires a wipe-out of the dbPath in the server, followed by a resync.

Given the size of replica sets in the field, it makes sense to extend the existing KMIP key rotation feature (SERVER-19845), so the customers can move between KMIP and local encryption keys back and forth, avoiding the initial sync procedure. This will save time and data transfer costs.


Generated at Thu Feb 08 05:32:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.