Skip to content

How can we improve the MongoDB Drivers?

Allow Client Side Field Level Encryption (CSFLE) to use EC2 Instance profile credentials with KMS access

To use CSFLE with AWS KMS, we have to specify the KMS provider key and access key. This makes it less secure b/c we now have to store the credentials that's accessible to the app. Would be great if it could leverage IAM roles for Amazon EC2 to automatically provide credentials to the instance as discussed here:

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html

2 votes

Thuy shared this idea · Jun 24, 2020 · Report… · Admin →

completed ·

Cynthia responded · Jul 19, 2023

Thank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions

Show previous admin responses (1)

An error occurred while saving the comment

Signed in as (Sign out)

Signed in as (Sign out)

Close

Close

Drivers: Node.js

Searching…

No results.
Clear search results

Give feedback
- Atlas 1,347 ideas
- Atlas App Services 240 ideas
- Atlas CLI 25 ideas
- Atlas Search 158 ideas
- Atlas Stream Processing 5 ideas
- Charts 251 ideas
- Compass 450 ideas
- Connectors (BI, Kafka, Spark) 41 ideas
- Data Federation and Data Lake 57 ideas
- Database 301 ideas
- Database Tools 1 idea
- Documentation 11 ideas
- Drivers 76 ideas
- Education 40 ideas
- FLE and Queryable Encryption 3 ideas
- MongoDB Analyzer (for .NET) 2 ideas
- MongoDB for VS Code 76 ideas
- MongoDB Shell 37 ideas
- Ops Tools 465 ideas
- Realm 96 ideas
- Relational Migrator 3 ideas
- Support Website 18 ideas
- UI 114 ideas
- Vector Search 8 ideas