Drivers

9 results found

  1. Support for EKS Service Account Credentials in MONGODB-AWS

    It would be great to be able to authenticate to MongoDB using EKS service accounts.

    Currently, the order in which Drivers MUST search for credentials is:

      1. Credentials passed through the URI
      2. Environment variables
      3. ECS endpoint if and only if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set.
      4. EC2 endpoint

    (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#mongodb-aws)

    It is possible to use the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE environment variables injected into the pod by EKS to assume the service account role and get temporary security credentials, which could then be passed to the URI as described in AssumeRole (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#assumerole).

    The boto client…

    30 votes

    3 comments  ·  Python  ·  Admin →

    This has now been completed in most drivers. 

    • MongoDB Java driver EKS Service Account support is in driver version 4.8.0
    • MongoDB C Driver EKS Service Account support is in driver version 1.2.4
    • MongoDB C# Driver EKS Service Account support is in driver version 2.19.0
    • MongoDB Go Driver EKS Service Account support is in driver version 1.12.0
    • MongoDB Node.JS Driver EKS Service Account support is in driver version 5.1.0
    • MongoDB Python Driver EKS Service Account support is in driver version 4.4.0
    • MongoDB Ruby Driver EKS Service Account support is in driver version 2.19.0
    • MongoDB Rust Driver EKS Service Account support is in driver version 2.6.0


    If you have any questions please reach out!


    Rachelle

  2. Create Atlas Search helper method for aggregations in Java

    Java driver doesn’t include a search() helper method in the Aggregation class, for facilitating Atlas Search queries.

    While it's possible to build a custom pipeline which includes a { $search ... } stage, a dedicated helper method would be convenient.

    29 votes

    0 comments  ·  Java  ·  Admin →
  3. Add a Kotlin Driver

    There should be an official Kotlin driver

    15 votes

  4. CSFLE - Integration with more KMS providers like HashiCorp Vault

    Automatic CSFLE - To generate and manage the Customer Master key, can we add more KMS providers like HashiCorp Vault? KMS providers currently supported are only: Amazon Web Services KMS and Locally Managed Keyfile.

    To work with HashiCorp Vault, it seems, we need to choose Locally Managed Keyfile as the KMS provider. This means that the Master key will be fetched from Vault in memory and then used in the code to encrypt/decrypt the DEK (Data Encryption Key). Ideally, the decryption of DEK should happen in the vault itself as a best practice, and master key should not be brought…

    13 votes

  5. Provide builders/helpers for all MQL operators

    Only a small subset of MQL operators have equivalent convenience wrappers in the Java (reactive) driver.
    Many, such as $filter, $concatArrays, $first, $cond, etc., have to be assembled as BsonDocuments etc., leading to error-prone and cumbersome code.

    5 votes

    completed  ·  4 comments  ·  Java  ·  Admin →
  6. For Client Side Field Level Encryption (CSFLE) load IAM credentials for KMS by default

    In order to get the MongoDB CSFLE lib to work with AWS KMS we need to set the following provider details explicitly: accessKeyId and secretAccessKey.

    It is a common and more secure practice for applications to be able to load these automatically.

    If we do not supply the accessKeyId and secretAccessKey then the Java driver could make an API call to retrieve temporary credentials from the EC2 instance it is running on.

    It is explained in detail here:
    https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

    4 votes

    1 comment  ·  Java  ·  Admin →
  7. Go Driver: Allow Client Side Field Level Encryption (CSFLE) to use IAM Role credentials with KMS access

    In order to get the MongoDB CSFLE lib to work with AWS KMS, we need to set the following provider details (IAM user credentials) explicitly: accessKeyId and secretAccessKey.

    It is a common and more secure practice for applications to be able to get temporary credentials using IAM roles which will have accessKeyId, secretAccessKey and sessionToken - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html.

    Currently, the Go Driver does not support sending 'sessionToken' along with provider details.

    The libmongocrypt library has this support now - https://github.com/mongodb/libmongocrypt/pull/153.

    It would be great if the Go driver had this support.

    2 votes

    0 comments  ·  Go  ·  Admin →
  8. Allow Client Side Field Level Encryption (CSFLE) to use EC2 Instance profile credentials with KMS access

    To use CSFLE with AWS KMS, we have to specify the KMS provider key and access key. This makes it less secure because we now have to store credentials that are accessible to the app. Would be great if it could leverage IAM roles for Amazon EC2 to automatically provide credentials to the instance as discussed here:

    https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html

    2 votes

    0 comments  ·  Node.js  ·  Admin →
  9. 1 vote

    0 comments  ·  C#  ·  Admin →