<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:08:34 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[MONGOCRYPT-382] Support on-demand credentials</title>
                <link>https://jira.mongodb.org/browse/MONGOCRYPT-382</link>
                <project id="17481" key="MONGOCRYPT">Libmongocrypt</project>
                    <description>&lt;p&gt;&lt;b&gt;Background &amp;amp; Motivation&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;KMS credentials are set on a &lt;tt&gt;mongocrypt_t&lt;/tt&gt; with &lt;tt&gt;mongocrypt_setopt_kms_providers&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;Once set, the KMS credentials cannot be changed for the lifetime of the &lt;tt&gt;mongocrypt_t&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;This poses a problem for users wanting to use temporary credentials that may expire. There is no way to update the credentials on a &lt;tt&gt;mongocrypt_t&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;Here is an example of getting AWS temporary credentials and using them with &lt;a href=&quot;https://github.com/kevinAlbs/go-bootstrap/tree/1d85a6f0de410736d1ca6e5ad0d22857cf8415f7/csfle/assumerole&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Go driver for CSFLE&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Scope&lt;/b&gt;&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Add a new state,&#160;&lt;tt&gt;MONGOCRYPT_CTX_NEED_CREDENTIALS&lt;/tt&gt;.
	&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
		&lt;li&gt;Rationale: Refreshing credentials may require I/O from the wrapping driver. For async drivers, a &lt;tt&gt;mongocrypt_ctx_t&lt;/tt&gt; entering a new state allows the async driver to schedule an async routine.&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Add a new function on &lt;tt&gt;mongocrypt_ctx_t&lt;/tt&gt; to provide credentials.
	&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
		&lt;li&gt;If a &lt;tt&gt;mongocrypt_ctx_t&lt;/tt&gt; enters the state &lt;tt&gt;MONGOCRYPT_CTX_NEED_CREDENTIALS&lt;/tt&gt;, the driver may call a new function on the &lt;tt&gt;mongocrypt_ctx_t&lt;/tt&gt; to provide credentials.&lt;/li&gt;
		&lt;li&gt;This can override credentials set in the &lt;tt&gt;mongocrypt_t&lt;/tt&gt;.&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Add a new function on &lt;tt&gt;mongocrypt_t&lt;/tt&gt; to opt in to the new behavior.
	&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
		&lt;li&gt;Rationale: The new state requires bindings updates. Making this opt-in will not break existing drivers.&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="1983789">MONGOCRYPT-382</key>
            <summary>Support on-demand credentials</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Tue, 15 Feb 2022 16:11:59 +0000</created>
                <updated>Sat, 28 Oct 2023 10:25:39 +0000</updated>
                            <resolved>Tue, 8 Mar 2022 15:46:19 +0000</resolved>
                                                    <fixVersion>1.4.0-alpha0</fixVersion>
                                    <component>C library</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4396715" author="xgen-internal-githook" created="Mon, 7 Mar 2022 23:15:35 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-382&quot; title=&quot;Support on-demand credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-382&quot;&gt;&lt;del&gt;MONGOCRYPT-382&lt;/del&gt;&lt;/a&gt; require `aws: {}` to enter NEED_KMS_CREDENTIALS (#257)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/commit/d60ded06f12e225984fb3841ecf30345cc01da84&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/commit/d60ded06f12e225984fb3841ecf30345cc01da84&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4396366" author="JIRAUSER1263309" created="Mon, 7 Mar 2022 21:09:54 +0000"  >&lt;p&gt;Hey &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=anna.henningsen&quot; class=&quot;user-hover&quot; rel=&quot;anna.henningsen&quot;&gt;anna.henningsen&lt;/a&gt;&#160;- Looks like the PR related to this work broke a couple of the node driver&apos;s tests in CI (failing build&#160;&lt;a href=&quot;https://evergreen.mongodb.com/task_log_raw/mongo_node_driver_next_ubuntu1804_custom_dependency_tests_run_custom_csfle_tests_33a6fedacacf7ebd7fb52fdb6e35ef3f31a16ea2_22_03_04_22_02_55/0?type=T#L1326.&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt;).&#160; Reverting the PR and pointing our tests to the revert commit passes - &lt;a href=&quot;https://spruce.mongodb.com/version/622672dba4cf4739fb6b571c/tasks.&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://spruce.mongodb.com/version/622672dba4cf4739fb6b571c/tasks.&lt;/a&gt;&#160;&#160;These tests didn&apos;t run in CI for libmongocrypt because they require a MongoClient that&apos;s connected to a live server.&lt;/p&gt;

&lt;p&gt;Related node ticket to track so that the work isn&apos;t lost - &lt;a href=&quot;https://jira.mongodb.org/browse/NODE-4065&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/NODE-4065&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="4391946" author="xgen-internal-githook" created="Fri, 4 Mar 2022 17:04:57 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Anna Henningsen&apos;, &apos;email&apos;: &apos;anna@addaleax.net&apos;, &apos;username&apos;: &apos;addaleax&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-382&quot; title=&quot;Support on-demand credentials&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-382&quot;&gt;&lt;del&gt;MONGOCRYPT-382&lt;/del&gt;&lt;/a&gt; Add support for providing per-KMS-request credentials (#252)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/commit/9bda708fe2e21a6f3cc6f4ccd7c593d66cb7c7f1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/commit/9bda708fe2e21a6f3cc6f4ccd7c593d66cb7c7f1&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="1973459">DRIVERS-2179</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1985044">JAVA-4503</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1985046">JAVA-4504</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1994382">MONGOCRYPT-393</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2043909">MONGOCRYPT-428</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1958125">DRIVERS-2017</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i03bhz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>