Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Minor - P4
Fix Version/s: None
Component/s: Client Side Encryption
Labels:
- spec-fest

Driver Changes:
Needed
Case:

Summary

Document "accessToken" form of KMS providers

Background

The specification describes two forms of the "azure" and "gcp" KMS providers options:

type AzureKMSOptions = AzureKMSCredentials | AzureAccessToken;

interface AzureKMSCredentials {
   tenantId: string;
   clientId: string;
   clientSecret: string;
   identityPlatformEndpoint?: string; // Defaults to login.microsoftonline.com
};

interface AzureAccessToken {
   accessToken: string;
};

type GCPKMSOptions = GCPKMSCredentials | GCPKMSAccessToken

interface GCPKMSCredentials {
   email: string;
   privateKey: byte[] | string; // May be passed as a base64 encoded string.
   endpoint?: string; // Defaults to oauth2.googleapis.com
};

interface GCPKMSAccessToken {
   accessToken: string;
}

Some driver docs do not include the "accessToken" form: C, Java, PyMongo.

Motivation

Caused confusion in HELP-60485.

Is this issue urgent?

No?

is related to

DRIVERS-2377 Add support for GCP attached service accounts when using GCP KMS

Closed

DRIVERS-2411 Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials

Closed

Assignee:: Unassigned
Reporter:: Kevin Albertson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jun 10 2024 01:19:48 PM UTC
Updated:: Oct 14 2024 02:33:24 PM UTC

Details

Description

Summary

Background

Motivation

Is this issue urgent?

Attachments

Issue Links

Activity

People

Dates