- Type: Task
- Resolution: Done
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
Summary
A new special form of kmsProviders.azure can be used to indicate a request for automatic credentials based on a VM's managed identity.
Motivation
Who is the affected end user?
libmongocrypt consumers
How does this affect the end user?
Disambiguating between multiple managed identities on a VM requires that parameters be given to the automatic KMS credentials request.
How likely is it that this problem or use case will occur?
Only Azure users that use multiple assigned managed identities on an Azure VM will need to disambiguate the KMS request. By default, a VM only has a single unambiguous managed identity.
If the problem does occur, what are the consequences and how severe are they?
The disambiguation parameters are required by the Azure metadata server if the VM has more than one managed identity. If they are omitted, the accessToken will fail to generate and automatic KMS credentials will fail.
Is this issue urgent?
TBD
Is this ticket required by a downstream team?
No
Is this ticket only for tests?
No
is related to
- NODE-4619 Add accessToken to libmongocrypt bindings TS definitions (Closed)
- DRIVERS-2411 Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials (Closed)