<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:23:11 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-50644] use non-ephemeral key to encrypt temporary files for the Sorter</title>
                <link>https://jira.mongodb.org/browse/SERVER-50644</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The &lt;a href=&quot;https://github.com/mongodb/mongo/blob/f5da4e4b7f7f04267bd92736ee9b16417e6d70ff/src/mongo/db/sorter/sorter.cpp#L1085&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Sorter&lt;/a&gt; encrypts the temporary files in &lt;tt&gt;dbpath/_tmp&lt;/tt&gt; using a &lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/blob/master/src/encryptdb/README.md#key-management&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;key that is not guaranteed to remain stable across process restarts&lt;/a&gt;. If it is feasible to use a persistent key to encrypt these temporary files, it would allow us to re-use these temporary files during the recovery process at startup.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1457875">SERVER-50644</key>
            <summary>use non-ephemeral key to encrypt temporary files for the Sorter</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="varun.ravichandran@mongodb.com">Varun Ravichandran</assignee>
                                    <reporter username="benety.goh@mongodb.com">Benety Goh</reporter>
                        <labels>
                    </labels>
                <created>Mon, 31 Aug 2020 16:15:48 +0000</created>
                <updated>Sun, 29 Oct 2023 22:03:48 +0000</updated>
                            <resolved>Wed, 20 Jan 2021 22:08:45 +0000</resolved>
                                                    <fixVersion>4.9.0</fixVersion>
                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="3574299" author="xgen-internal-githook" created="Wed, 20 Jan 2021 19:28:18 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-50644&quot; title=&quot;use non-ephemeral key to encrypt temporary files for the Sorter&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-50644&quot;&gt;&lt;del&gt;SERVER-50644&lt;/del&gt;&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-50479&quot; title=&quot;add resumable index build support for ESE&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-50479&quot;&gt;&lt;del&gt;SERVER-50479&lt;/del&gt;&lt;/a&gt;: Add resumable index build support for ESE by using persistent key for Sorter temp file encryption&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/45a54bbac81ff1146f307afb2d04c94c694a1163&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/45a54bbac81ff1146f307afb2d04c94c694a1163&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3574297" author="xgen-internal-githook" created="Wed, 20 Jan 2021 19:28:10 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-50644&quot; title=&quot;use non-ephemeral key to encrypt temporary files for the Sorter&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-50644&quot;&gt;&lt;del&gt;SERVER-50644&lt;/del&gt;&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-50479&quot; title=&quot;add resumable index build support for ESE&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-50479&quot;&gt;&lt;del&gt;SERVER-50479&lt;/del&gt;&lt;/a&gt;: Add resumable index build support for ESE by using persistent key for Sorter temp file encryption&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/9c35b6ea220aac23614a688da7f1ffbe85d7e637&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/9c35b6ea220aac23614a688da7f1ffbe85d7e637&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3399555" author="benety.goh" created="Thu, 17 Sep 2020 17:20:14 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;, collections cannot currently move across databases without getting a new collection UUID, so using the database name should be fine.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=david.percy&quot; class=&quot;user-hover&quot; rel=&quot;david.percy&quot;&gt;david.percy&lt;/a&gt;, I wasn&apos;t aware of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-42345&quot; title=&quot;Use internal temporary collection to spill data during external sort&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-42345&quot;&gt;SERVER-42345&lt;/a&gt; until you mentioned it. In this context, we&apos;re mostly working with the existing file format specific to the Sorter.&lt;/p&gt;</comment>
                            <comment id="3399250" author="spencer.jackson@10gen.com" created="Thu, 17 Sep 2020 15:23:00 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=benety.goh&quot; class=&quot;user-hover&quot; rel=&quot;benety.goh&quot;&gt;benety.goh&lt;/a&gt;, ESE&apos;s keystore predates the collection UUIDs, so its persisted data structures maps each database name to the AES key to use for all collections in the database. Reaping keys is also hard, and currently requires an initial sync, so I&apos;d prefer to avoid making too many durable but briefly used keys. Would it be possible to, at some point before or during the life of the SortedFileWriter, transform the collection&apos;s UUID into the name of the database that contains it?&lt;/p&gt;</comment>
                            <comment id="3399231" author="benety.goh" created="Thu, 17 Sep 2020 15:14:51 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;, I would also lean towards the more desirable solution. The collection UUID should always be available at the start of the index build to plumb into the &lt;a href=&quot;https://github.com/mongodb/mongo/blob/accc7e7cd7e7a984347361d03ee76514c4a54163/src/mongo/db/sorter/sorter.h#L300&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;SortedFileWriter.&lt;/a&gt;&#160;This collection UUID would be preferable to a namespace string or database name. Non-trivial index builds, which includes those eligible for restoration after a reboot, will also have access to a &lt;a href=&quot;https://github.com/mongodb/mongo/blob/accc7e7cd7e7a984347361d03ee76514c4a54163/src/mongo/db/resumable_index_builds.idl#L94&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;UUID that identifies the original createIndex request across the replica set&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="3394633" author="spencer.jackson@10gen.com" created="Tue, 15 Sep 2020 15:06:24 +0000"  >&lt;p&gt;I think there&apos;s a couple of ways to approach this.&lt;/p&gt;

&lt;p&gt;The easy but less ideal solution would be to reserve a single non-ephemeral key for spilled index builds. No additional state would need to be plumbed, but every index build&apos;s spilled files would wind up being encrypted with the same keys. This would be less than ideal in multi-tenant environments, where customers prefer to have unique keys.&lt;/p&gt;

&lt;p&gt;An alternative with more desirable runtime behaviour would require plumbing down the namespace which the index is being built against down to the Sorter, where we &lt;a href=&quot;https://github.com/mongodb/mongo/blob/accc7e7cd7e7a984347361d03ee76514c4a54163/src/mongo/db/sorter/sorter.cpp#L1100&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;encrypt&lt;/a&gt; and &lt;a href=&quot;https://github.com/mongodb/mongo/blob/accc7e7cd7e7a984347361d03ee76514c4a54163/src/mongo/db/sorter/sorter.cpp#L299&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;decrypt&lt;/a&gt; the spilled data. If we did this, we could use the per-database encryption key to protect the spilled index data. This is desirable because that key is already protecting the at-rest data, and will only be used for a single customer in multi-tenant environments.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=benety.goh&quot; class=&quot;user-hover&quot; rel=&quot;benety.goh&quot;&gt;benety.goh&lt;/a&gt;, I haven&apos;t interacted with the &lt;a href=&quot;https://github.com/mongodb/mongo/blob/accc7e7cd7e7a984347361d03ee76514c4a54163/src/mongo/db/sorter/sorter.h#L300&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;SortedFileWriter&lt;/a&gt; recently, so I&apos;d like to check with you: Would it be objectionable to plumb a namespace string or database down into it, so that it could provide it to the encryption subsystem for key selection? Would every SortedFileWriter be able to have access to a namespace string? Or are there some contexts, like restoration after a reboot, where the name wouldn&apos;t be available? Are there some situations where the SortedFileWriter would be expected to not know the namespace it&apos;s operating against?&lt;/p&gt;</comment>
                            <comment id="3368312" author="ian@10gen.com" created="Mon, 31 Aug 2020 18:05:23 +0000"  >&lt;p&gt;During investigation: see whether this is something  we can easily accomodate using persisted keys in the keystore.&lt;/p&gt;</comment>
                            <comment id="3368021" author="benety.goh" created="Mon, 31 Aug 2020 16:21:58 +0000"  >&lt;p&gt;This ticket is motivated by an issue we found while testing the resumable index project. Reproduction steps can be found in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-50479&quot; title=&quot;add resumable index build support for ESE&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-50479&quot;&gt;&lt;del&gt;SERVER-50479&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="1449781">SERVER-50479</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="871203">SERVER-42345</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 31 Aug 2020 18:05:23 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 3 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-2038</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 3 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>benety.goh@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ian@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hy32ov:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxpm87:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4225">Security 2020-09-21</customfieldvalue>
    <customfieldvalue id="4226">Security 2020-10-05</customfieldvalue>
    <customfieldvalue id="4233">Security 2021-01-11</customfieldvalue>
    <customfieldvalue id="4571">Security 2021-01-25</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hy2oy7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>