-
Type: New Feature
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
Background
WRITING-9378 proposes adding a new context to libmongocrypt to assist with driver implementation of the new ClientEncryption::rewrapManyDataKey method.
The ClientEncryption::rewrapManyDataKey method should create a context in libmongocrypt.
The libmongocrypt context should do the following:
- Enter the MONGOCRYPT_CTX_NEED_MONGO_KEYS state to request the driver "find" matching keys.
- Decrypt matching keys with the old KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
- Encrypt matching keys with the new KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
Enter a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update on the key vault collection with the new documents.- Drivers are expected to run a bulk update after obtaining the rewrapped key documents with mongocrypt_ctx_finalize(), after which libmongocrypt has no further work to do. A new state was therefore deemed unnecessary.
Scope
- Support a new context in libmongocrypt to rewrap multiple data keys.
Add a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update.
- related to
-
MONGOCRYPT-450 Remove unnecessary fields from rewrapManyDataKey result
- Closed