Drivers / DRIVERS-2296

Allow ClientEncryptionOpts.keyVaultClient to be optional if ClientEncryption object is created via a MongoClient

    • Type: Spec Change
    • Resolution: Unresolved
    • Priority: Minor - P4
    • Component/s: Client Side Encryption

      Summary

      In this PR comment thread for DRIVERS-2017, I realized that keyVaultClient is a required option of ClientEncryptionOpts (see: ClientEncryption in the CSFLE spec). The CSFLE spec never explicitly discussed how ClientEncryption objects should be created, but one can infer that by requiring keyVaultClient they should be constructed independently of a MongoClient object.

      In PHPC, ClientEncryption objects have historically been constructed through the client object (i.e. MongoDB\Driver\Manager::createClientEncryption()). Therefore, keyVaultClient is optional and defaults to the parent client, similar to AutoEncryptionOpts.

      If PHPC is not alone in allowing ClientEncryption objects to be constructed through a MongoClient, I'd propose that the spec allow ClientEncryptionOptions.keyVaultClient to be optional in such an API. If not, we can close this out and I'll open a PHPC ticket to allow ClientEncryption to be constructed directly (with a required keyVaultClient option).

      Motivation

      Is this issue urgent?

      No.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

            Assignee: Unassigned
            Reporter: Jeremy Mikola (jmikola@mongodb.com)
            Votes: 0
            Watchers: 3
