[SERVER-60625] Implement get for audit log encryption Created: 12/Oct/21 Updated: 29/Oct/23 Resolved: 26/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.2.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Shreyas Kalyan | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Security 2021-10-18, Security 2021-11-01 | ||||||||
| Participants: | |||||||||
| Description |
|
We should add a config option to use get for audit encryption instead of encrypt / decrypt. We then need to add support in the KMIP keystore to support this operation. This will involve retrieving the key from the KMIP keystore, encrypting the local encryption key, and storing the relevant metadata in the header (letting the decryptor know that the get operation was used). |
| Comments |
| Comment by Githook User [ 26/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |