[SERVER-79029] Create a BinData type for unencrypted redacted values like HMAC key Created: 17/Jul/23  Updated: 05/Jan/24  Resolved: 21/Jul/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0

Type: Task Priority: Major - P3
Reporter: William Qian Assignee: William Qian
Resolution: Fixed Votes: 0
Labels: customer-security-and-privacy-considerations
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-85105 Tracking: PM-2885 Milestone 0 Closed
Documented
Backwards Compatibility: Fully Compatible
Sprint: QO 2023-07-24
Participants:

 Description   

https://jira.mongodb.org/browse/SERVER-78961 discusses audit log redaction in the context of encrypted data via BinData 6. For unencrypted but sensitive data like the HMAC key, we need to create a separate BinData type for signaling such values that should always be redacted.



 Comments   
Comment by Geert Bosch [ 28/Jul/23 ]

You can just create a pull request for the https://github.com/mongodb/bsonspec.org.git repo. You can track this with a SERVER ticket if you'd like, or just post the link here.

Comment by William Qian [ 28/Jul/23 ]

No, I don't think so. What's the right project to file a ticket like that under? The closest thing I have is this DRIVERS ticket: https://jira.mongodb.org/browse/DRIVERS-2687

Comment by Geert Bosch [ 28/Jul/23 ]

This new BSON BinData type should be documented on bsonspec.org. Is there a ticket for that? william.qian@mongodb.com

Comment by Githook User [ 20/Jul/23 ]

Author:

{'name': 'William Qian', 'email': 'william.qian@mongodb.com', 'username': 'wqian94'}

Message: SERVER-79029 Create BinData type Sensitive
Branch: master
https://github.com/mongodb/mongo/commit/a9cc8e632713e0cab54f73ef20ef86b44df066d5

Generated at Thu Feb 08 06:39:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.