Drivers
9 results found
-
Support for EKS Service Account Credentials in MONGODB-AWS
Support for EKS Service Account Credentials in MONGODB-AWS
It would be great to be able to authenticate to MongoDB using EKS service accounts.
Currently, the order in which Drivers MUST search for credentials is:
Credentials passed through the URI
Environment variables
ECS endpoint if and only if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set.
EC2 endpoint
(https://pymongo.readthedocs.io/en/stable/examples/authentication.html#mongodb-aws)It is possible use the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE environment variables injected into the pod by EKS to assume the service account role and get temporary security credentials, which could then be passed to the uri as described in AssumeRole (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#assumerole).
The boto client…
30 votesThis has now been completed in most drivers.
- MongoDB Java driver EKS Service Account support is in driver version 4.8.0
- MongoDB C Driver EKS Service Account support is in driver version 1.2.4
- MongoDB C# Driver EKS Service Account support is in driver version 2.19.0
- MongoDB Go Driver EKS Service Account support is in driver version 1.12.0
- MongoDB Node.JS Driver EKS Service Account support is in driver version 5.1.0
- MongoDB Python Driver EKS Service Account support is in driver version 4.4.0
- MongoDB Ruby Driver EKS Service Account support is in driver version 2.19.0
- MongoDB Rust Driver EKS Service Account support is in driver version 2.6.0
If you have any questions please reach out!
Rachelle
-
Create Atlas Search helper method for aggregations in java
Java driver doesn’t include a {{search()}} helper method in the Aggregation class, for facilitating Atlas Search queries.
While it's possible to build a custom pipeline which includes a
{ $ search ... }
stage, a dedicated helper method would be convenient.29 votesThis work was completed and released as part of Java driver version 4.7.0 https://jira.mongodb.org/browse/JAVA-4415
-
Add a Kotlin Driver
There should be an official Kotlin driver
15 votesHello all, the MongoDB Kotlin driver has been released. You can find the documentation for this here : https://www.mongodb.com/docs/drivers/kotlin-drivers/
-
CSFLE - Integration with more KMS providers like Hashicorp Vault
Automatic CSFLE - To generate and manage the Customer Master key, can we add more KMS providers like Hashicorp Vault. KMS providers currently supported are only: Amazon Web Services KMS and Locally Managed Keyfile.
To work with Hashicorp Vault, it seems, we need to choose Locally Managed Keyfile as the KMS provider. This means that the Master key will be fetched from Vault in memory and then used in the code to encrypt/decrypt the DEK (Data Encryption Key). Ideally, the decryption of DEK should happen in the vault itself as a best practice, and master key should not be brought…
13 votesHello all! Thank you for this feature request. MongoDB now supports Hashicorp Vault as a key management service via their KMIP secrets engine. This work was completed as part of https://jira.mongodb.org/browse/DRIVERS-1353 and is documented here.
-
Provide builders/helpers for all MQL operators
Only a small subset of MQL operators have equivalent convenience wrappers in the Java (reactive) driver.
Many such as $filter, $concatArrays, $first, $cond etc. have to be assembled as BsonDocuments etc leading to error-prone and cumbersome code.5 votes -
For Client Side Field Level Encryption (CSFLE) load IAM credentials for KMS by default
In order to get the mongodb csfle lib to work with AWS KMS we need to set
the following provider details explicitly: accessKeyId and secretAccessKey.It is common and more secure practice for applications to be able to load these automatically.
If we do not supply the accessKeyId and secretAccessKey then the java driver could make an API call to
retrieve temporary credentials from the EC2 instance it is running on.It is explained in detail here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html4 votesThank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
-
Go Driver: Allow Client Side Field Level Encryption (CSFLE) to use IAM Role credentials credentials with KMS access
In order to get the MongoDB csfle lib to work with AWS KMS, we need to set
the following provider details (IAM user credentials) explicitly: accessKeyId and secretAccessKey.It is common and more secure practice for applications to be able to get temporary credentials using IAM roles which will have accessKeyId, secretAccessKey and sessionToken - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html.
Currently, the Go Driver does not support sending 'sessionToken' along with provider details.
The libmongocrypt library has this support now - https://github.com/mongodb/libmongocrypt/pull/153.
It would be great if Go driver has this support.
2 votesThank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
-
Allow Client Side Field Level Encryption (CSFLE) to use EC2 Instance profile credentials with KMS access
To use CSFLE with AWS KMS, we have to specify the KMS provider key and access key. This makes it less secure b/c we now have to store the credentials that's accessible to the app. Would be great if it could leverage IAM roles for Amazon EC2 to automatically provide credentials to the instance as discussed here:
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html
2 votesThank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
-
C# Driver - CSFLE enable to use on Linux
The CSFLE (via C# driver) don’t work on Linux as specified in the documentations.
https://mongodb.github.io/mongo-csharp-driver/2.10/reference/driver/crud/client_side_encryption/
1 voteCSFLE has been tested and works successfully on both Linux and Mac as of C# driver release 2.12.0
- Don't see your idea?