Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-1937

Support explicit sessions in CSFLE auto encryption internal commands

    • Type: Icon: Spec Change Spec Change
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed

      Summary

      During automatic encryption and decryption, CSFLE may execute two internal commands:

      • find to retrieve key documents from the Key Vault Collection
      • listCollections to retrieve JSON schemas on collections not present in the client configured schemaMap.

      It is not possible to use an explicit session on these operations with the current API.

      Motivation

      I see one plausible use case:

      To guarantee a new data key created with ClientEncryption.createDataKey is visible in later automatic encryption operations, a causally consistent session could be used for read-your-own-writes semantics. Automatic encryption already uses read concern majority on the find operation.

      Who is the affected end user?

      Any user of CSFLE.

      How does this affect the end user?

      This was not requested by a user. Users cannot use explicit sessions in automatic encryption or automatic decryption.

      How likely is it that this problem or use case will occur?

      I am not sure. createDataKey already uses majority write concern, and find in automatic encryption uses majority read concern. I think a problem like the use-case described above is rare, if at all possible.

      If the problem does occur, what are the consequences and how severe are they?

      If the result of createDataKey is not immediately visible, it result in transient errors in automatic encryption / decryption operations unable to retrieve the key.

      Is this issue urgent?

      No.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

            Assignee:
            Unassigned Unassigned
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: