Drivers

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for EKS Service Account Credentials in MONGODB-AWS

    Support for EKS Service Account Credentials in MONGODB-AWS

    It would be great to be able to authenticate to MongoDB using EKS service accounts.

    Currently, the order in which Drivers MUST search for credentials is:
    Credentials passed through the URI
    Environment variables
    ECS endpoint if and only if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set.
    EC2 endpoint
    (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#mongodb-aws)

    It is possible use the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE environment variables injected into the pod by EKS to assume the service account role and get temporary security credentials, which could then be passed to the uri as described in AssumeRole (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#assumerole).

    The boto client…

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Python  ·  Flag idea as inappropriate…  ·  Admin →
  2. CSFLE - Integration with more KMS providers like Hashicorp Vault

    Automatic CSFLE - To generate and manage the Customer Master key, can we add more KMS providers like Hashicorp Vault. KMS providers currently supported are only: Amazon Web Services KMS and Locally Managed Keyfile.

    To work with Hashicorp Vault, it seems, we need to choose Locally Managed Keyfile as the KMS provider. This means that the Master key will be fetched from Vault in memory and then used in the code to encrypt/decrypt the DEK (Data Encryption Key). Ideally, the decryption of DEK should happen in the vault itself as a best practice, and master key should not be brought…

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Add a new driver  ·  Flag idea as inappropriate…  ·  Admin →

    Hi all,
    With the release of server 5.0 this coming July, we will also GA our integration with Azure and GCP as KMS providers. Hashicorp Vault is planned for later in 2021, along with generic or custom built key management solution support.

  • Don't see your idea?

Feedback and Knowledge Base