<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:25:30 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2411] Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2411</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;&lt;em&gt;At present, using Azure Key Vault for KMS requires a tenant ID, client ID, and client secret (password) in order to obtain an OAuth2 token to subsequently query the Azure Key Vault for key management.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Azure VMs are automatically assigned a Managed Identity which allows the VM to obtain an OAuth2 token by querying a private metadata HTTP endpoint without any special credentials. The token obtained can then be used to request access to Azure resources, including the Key Vault, if applicable.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;We have added support for automatic KMS credentials for AWS (&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2280&quot; title=&quot;Obtain AWS credentials for CSFLE in the same way as for MONGODB-AWS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2280&quot;&gt;&lt;del&gt;DRIVERS-2280&lt;/del&gt;&lt;/a&gt;) and GCP (&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;DRIVERS-2377&lt;/del&gt;&lt;/a&gt;). The Azure VM Managed Identity can be used for the same purpose, removing the need for the client to provide credentials if they are running within an Azure VM that has the appropriate access to the Key Vault:&lt;/em&gt;&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;&lt;em&gt;Allow the user to omit Azure credentials as part of &lt;tt&gt;kmsProviders&lt;/tt&gt;, and request that credentials be obtained automatically from the environment.&lt;/em&gt;&lt;/li&gt;
	&lt;li&gt;&lt;em&gt;Attempt to load OAuth2 token from the Azure metadata endpoint. If we are running within an Azure VM, this token corresponds to the managed identity of that VM.&lt;/em&gt;&lt;/li&gt;
	&lt;li&gt;&lt;em&gt;Use the token from (2) as the KMS credential for client encryption.&lt;/em&gt;&lt;/li&gt;
&lt;/ol&gt;


&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;
&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;All end users of client-side encryption that wish to use Azure Key Vault as their KMS provider, and are running their client within an Azure VM.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;Supporting the VM&apos;s managed identity alleviates the need to manage a separate set of credentials for their client application.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;As Azure KMS users are likely running within an Azure VM, most Azure users will likely find benefit in delegating the credential management to the Azure platform.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;Managing and securing additional credentials creates an additional security concern and barrier to adoption for client-side encryption, whereas requesting the client driver to automatically work with the Azure host is simpler, more secure, and less error-prone.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;The first mention of using Azure Managed Identities appears in December of 2020. The recent addition of automatic credentials for AWS and GCP makes this change prudent to match platform support.&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;No&lt;/em&gt;&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;&lt;em&gt;No&lt;/em&gt;&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="2111178">DRIVERS-2411</key>
            <summary>Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="colby.pike@mongodb.com">Colby Pike</assignee>
                                    <reporter username="colby.pike@mongodb.com">Colby Pike</reporter>
                        <labels>
                            <label>RDY</label>
                    </labels>
                <created>Wed, 10 Aug 2022 22:40:50 +0000</created>
                <updated>Tue, 29 Aug 2023 15:52:53 +0000</updated>
                            <resolved>Fri, 14 Jul 2023 19:26:53 +0000</resolved>
                                                        <component>Client Side Encryption</component>
                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="5349871" author="xgen-internal-githook" created="Sat, 15 Apr 2023 15:07:39 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; remove install-az.sh (#293)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; remove install-az.sh&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;note which distros have `az` installed&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;remove reference to `install-az.sh`&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;check for az version &amp;gt;= 2.25.0&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;add link to error message&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;use bash, not python&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/a32089ea67af7d473d3d92391b58bbbcbba2e1fb&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/a32089ea67af7d473d3d92391b58bbbcbba2e1fb&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="5228484" author="xgen-internal-githook" created="Fri, 24 Feb 2023 13:29:31 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; Do not skip install of `azure-cli` if `az` is detected (#271)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; skip check if az is installed&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;print version of `az`&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/ff4e2d652e25bf62c47e4367d6e21338f9e27061&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/ff4e2d652e25bf62c47e4367d6e21338f9e27061&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4957789" author="xgen-internal-githook" created="Sun, 6 Nov 2022 13:41:01 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; permit global cache (#1340)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/c796a746327af27f9070bd1791ced6bce9176453&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/c796a746327af27f9070bd1791ced6bce9176453&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4952740" author="xgen-internal-githook" created="Thu, 3 Nov 2022 16:50:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; fix handling of `AZUREKMS_IMAGE` (#243)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;fix handling of `AZUREKMS_IMAGE`&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;pin to the latest version of Debian 11&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;update README with new default and script to obtain latest debian image&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/680e4853d5a3e4107da1eea5baf017d490e89661&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/680e4853d5a3e4107da1eea5baf017d490e89661&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4919763" author="xgen-internal-githook" created="Fri, 21 Oct 2022 20:40:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; add integration tests for Azure KMS (#1325)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; add integration tests&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4916779" author="xgen-internal-githook" created="Thu, 20 Oct 2022 19:41:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; add test scripts for Azure VM (#239)&lt;/p&gt;

&lt;p&gt;Add scripts for integration testing.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/976d3c8020e95040e5d413b345f50c106b7bc3b7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/976d3c8020e95040e5d413b345f50c106b7bc3b7&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4908625" author="xgen-internal-githook" created="Mon, 17 Oct 2022 23:43:22 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;vector-of-bool&apos;, &apos;email&apos;: &apos;vectorofbool@gmail.com&apos;, &apos;username&apos;: &apos;vector-of-bool&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; Prose Tests for IMDS Communication (#1314)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Defining initial prose tests for IMDS communication.&lt;/li&gt;
	&lt;li&gt;Fix incorrect Azure resource URL in spec doc&lt;/li&gt;
	&lt;li&gt;Specify a timeout on the IMDS HTTP request&lt;/li&gt;
	&lt;li&gt;Tweak wording on timeout and error handling, fix typo in IP addr&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4891959" author="xgen-internal-githook" created="Mon, 10 Oct 2022 19:00:08 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;vector-of-bool&apos;, &apos;email&apos;: &apos;vectorofbool@gmail.com&apos;, &apos;username&apos;: &apos;vector-of-bool&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; Add a fake_azure server for testing (#235)&lt;/p&gt;

&lt;p&gt;Add a fake_azure server for testing&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/651efa00f0118fff65e075706a80f4fafd7b0b04&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/commit/651efa00f0118fff65e075706a80f4fafd7b0b04&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4856718" author="xgen-internal-githook" created="Mon, 26 Sep 2022 20:29:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;vector-of-bool&apos;, &apos;email&apos;: &apos;vectorofbool@gmail.com&apos;, &apos;username&apos;: &apos;vector-of-bool&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt; Add behavior for automatic Azure KMS credentials (#1291)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Add behavior for automatic Azure KMS credentials&lt;/li&gt;
	&lt;li&gt;Cache automatically obtained Azure tokens&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4815598" author="xgen-internal-githook" created="Fri, 9 Sep 2022 19:57:01 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;vector-of-bool&apos;, &apos;email&apos;: &apos;vectorofbool@gmail.com&apos;, &apos;username&apos;: &apos;vector-of-bool&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4454&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4454&quot;&gt;&lt;del&gt;CDRIVER-4454&lt;/del&gt;&lt;/a&gt; Automatic Azure KMS Credentials (#1097)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Initial automatic Azure KMS based on &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2411&quot; title=&quot;Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2411&quot;&gt;&lt;del&gt;DRIVERS-2411&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;Split request_send into testable components&lt;/li&gt;
	&lt;li&gt;Add private API for querying Azure IMDS&lt;/li&gt;
	&lt;li&gt;Test cases for Azure IMDS&lt;/li&gt;
	&lt;li&gt;Convenience macro for test installation&lt;/li&gt;
	&lt;li&gt;Use separate IMSD request API&lt;/li&gt;
	&lt;li&gt;No managedIdentity parameters for now&lt;/li&gt;
	&lt;li&gt;Simple point-in-time and duration abstraction&lt;/li&gt;
	&lt;li&gt;Cache the Azure access token&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                                        </outwardlinks>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="2111905">RUBY-3088</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="1756651">DRIVERS-1780</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2148369">DRIVERS-2457</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10423">
                    <name>Gantt End to End</name>
                                            <outwardlinks description="has to be finished together with">
                                        <issuelink>
            <issuekey id="2307860">DRIVERS-2600</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2111900">JAVA-4706</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111896">CDRIVER-4454</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111898">CSHARP-4294</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111897">CXX-2565</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111899">GODRIVER-2521</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111902">MOTOR-1017</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111901">NODE-4537</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111904">PHPLIB-938</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111903">PYTHON-3396</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111905">RUBY-3088</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2111906">RUST-1442</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2148369">DRIVERS-2457</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2116428">MONGOCRYPT-473</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2153516">DRIVERS-2464</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;b&gt;Implementation&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;libmongocrypt 1.6.0 or higher is required. Binaries for 1.6.0 are available on the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_release_publish_snapshot_upload_all_12c5118944295599097d5a70a11bb32a1b079282_22_09_07_13_03_29/files?execution=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The spec changes introduce another method of obtaining KMS credentials automatically, much like with GCP and AWS:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;When &lt;tt&gt;kmsProviders&lt;/tt&gt; contains an empty &lt;tt&gt;azure&lt;/tt&gt; property, it indicates a request for automatic Azure credentials.&lt;/li&gt;
	&lt;li&gt;To obtain credentials, issue an HTTP request to the Azure Instance Metadata Service (IMDS).&lt;/li&gt;
	&lt;li&gt;IMDS will issue an &lt;tt&gt;accessToken&lt;/tt&gt; that can be used to query the Azure Key Vault (if the instance has sufficient permissions).&lt;/li&gt;
	&lt;li&gt;Additionally, this version of auto-KMS credentials institutes a token caching requirement.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The associated spec changes are specified here: &lt;a href=&quot;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/d6b8cce6abb3b8e1a0b8f1dc7ee737e18322cfce&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The initial implementation for the C driver is here: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/686bff81f565f93db83d99902ce1c3a6f89922c7&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Mock server tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Mock server tests specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/e780e91d708fe9c004a0b0023387baa850282881&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The mock server is available here: &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/fake_azure.py&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/671a15154f0dd0e4af3c8df2ac08dfe4acf01795#diff-d353a218f6d4ac77dfb35cc757a96af121a9ce1d3cf7b01535fa23e6d0c58016R98&lt;/a&gt; for a reference implementation of the mock server tests in C.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Integration tests&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Integration tests are specified here:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/cf778cb8add04c0c6d8f366e6352f3d0ac9c1694&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Scripts in the drivers-evergreen-tools &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/csfle/azurekms&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;.evergreen/csfle/azurekms directory&lt;/a&gt; may be used to create the temporary Azure Virtual Machine. Get credentials from &lt;a href=&quot;https://docs.google.com/document/d/1vVN_OdUQpMsxVIoUmYk5u6lWxfRgy-vHCbafr8GXXjo/edit&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;DRIVERS-2411 Test Credentials&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;To test, add an Evergreen task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Create an Azure VM instance in a &lt;tt&gt;setup_group&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Destroy the Azure VM instance in a &lt;tt&gt;teardown_group&lt;/tt&gt;. Using a &lt;tt&gt;teardown_group&lt;/tt&gt; will destroy the instance if the task fails.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Add a task in the task group to do the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Build and copy files to the remote Azure VM.&lt;/li&gt;
	&lt;li&gt;Install necessary dependencies on the remote Azure VM instance.&lt;/li&gt;
	&lt;li&gt;Run the test remotely.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Please see &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1124&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1124&lt;/a&gt; and &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/1234/files&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/1234/&lt;/a&gt;&#160;for a reference implementation of the integration tests in C.&lt;/p&gt;

&lt;p&gt;It may be helpful to refer to driver tests for &lt;a href=&quot;https://github.com/mongodb/specifications/blob/847d9ba741201f9c9d1305831a9c60e8ab2a1544/source/auth/tests/mongodb-aws.rst#3ecs-instance&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGODB-AWS ECS&lt;/a&gt;. The ECS tests perform a similar flow (copying and running a test on a remote ECS instance).&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4454'>CDRIVER-4454</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.24.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2565'>CXX-2565</a>
    </td>
    <td>Works as Designed</td>
    <td class='hasFixVersion'>3.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4294'>CSHARP-4294</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.19.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2521'>GODRIVER-2521</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.12.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4706'>JAVA-4706</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>4.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-4537'>NODE-4537</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>5.2.0, mongodb-client-encryption-2.7.1</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-1017'>MOTOR-1017</a>
    </td>
    <td>Duplicate</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3396'>PYTHON-3396</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>pymongocrypt-1.4, 4.3.3</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPLIB-938'>PHPLIB-938</a>
    </td>
    <td>Done</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-3088'>RUBY-3088</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.19.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1442'>RUST-1442</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.6.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1625'>SWIFT-1625</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY23Q3</label>
            <label>FY24Q1</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0ond4:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>