<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:22:36 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-927] Use strings for master and data key ids</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-927</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;p&gt;Currently master and data key ids are bson binary uuids. These keys are generally needed to configure the driver, and being composed of binary data creates challenges for interoperability between drivers as well as developer experience.&lt;/p&gt;

&lt;p&gt;For example, it is common to use environment variables to store configuration data. It is easy to store a string in an environment variable; it is not clear how to store a binary blob in an environment variable and be able to operate on it from a shell script.&lt;/p&gt;

&lt;p&gt;An application may work around binary blobs by performing its own encoding and decoding, but doing so makes the configuration data potentially unportable across applications and environments.&lt;/p&gt;

&lt;p&gt;Consider for example the following data flow:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;User generates a master key using a Python application;&lt;/li&gt;
	&lt;li&gt;User writes this key to 0bin for transfer to another user;&lt;/li&gt;
	&lt;li&gt;User loads this key into a Node application to generate data keys;&lt;/li&gt;
	&lt;li&gt;User adds this key into a third-party configuration management system that uses json files for configuration (not extended json)&lt;/li&gt;
	&lt;li&gt;Configuration management system uses AWS to provision a server with the master key added to the environment&lt;/li&gt;
	&lt;li&gt;On the server a Mongoid application reads the key from the environment and passes it to the Ruby driver&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;If the key is a string, the above operations is straightforward. If the key is a binary blob, each step must be carefully evaluated for proper escaping (and could be unfeasible altogether).&lt;/p&gt;

&lt;p&gt;The same issue applies to data key ids, since when they are used for explicit encryption they become part of driver configuration.&lt;/p&gt;

&lt;p&gt;I asked &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kevin.albertson&quot; class=&quot;user-hover&quot; rel=&quot;kevin.albertson&quot;&gt;kevin.albertson&lt;/a&gt; about why the key ids were not strings and from what I understand there is no specific reason why they can&apos;t be strings in principle.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1254938">DRIVERS-927</key>
            <summary>Use strings for master and data key ids</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="oleg.pudeyev@mongodb.com">Oleg Pudeyev</reporter>
                        <labels>
                    </labels>
                <created>Mon, 9 Mar 2020 20:41:10 +0000</created>
                <updated>Fri, 8 Apr 2022 18:28:23 +0000</updated>
                            <resolved>Mon, 23 Mar 2020 16:57:28 +0000</resolved>
                                                        <component>Client Side Encryption</component>
                                        <votes>1</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4468564" author="oleg.pudeyev" created="Fri, 8 Apr 2022 18:28:23 +0000"  >&lt;p&gt;This issue is currently affecting Mongoid-FLE integration as reported/discussed in &lt;a href=&quot;https://github.com/mongodb/mongo-ruby-driver/pull/2429&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-ruby-driver/pull/2429&lt;/a&gt;.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1254523">DRIVERS-929</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hwt5l3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>