3 results found

1. CSFLE - Support native key rotation with Azure Key Vault

   Hello MongoDB Product Manager,

   We use the CSFLE functionality with Azure Key Vault as a key manager and everything works fine except the management of the master key (CMK) and its rotation.

   All because it is not possible to use Azure Key Vault's native key rotation functionality to perform our rotations on a regular basis.

   The ability to use this functionality would allow us to automate rotation at the master key level using native Azure Key Vault functionality. The "Rotation policy" feature allows us to automatically manage the rotation process of a key (notification, rotation, deactivation, etc.). Using this feature greatly simplifies the process and allows us to meet our organization's security requirements.

   See: https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation

   The only thing missing from the MongoDB libraries to handle this properly is to be able to handle the version of the key or allow us to force the full URL including the version of the key and keep that number. version in the encryption keys collection (Keyvault collection).

   See attached document for more details.

   Can you promote this adjustment in your next service improvement activities.

   Thank you for your commitment to your customers.

   Hello MongoDB Product Manager,

   We use the CSFLE functionality with Azure Key Vault as a key manager and everything works fine except the management of the master key (CMK) and its rotation.

   All because it is not possible to use Azure Key Vault's native key rotation functionality to perform our rotations on a regular basis.

   The ability to use this functionality would allow us to automate rotation at the master key level using native Azure Key Vault functionality. The "Rotation policy" feature allows us to automatically manage the rotation process of a key (notification, rotation, deactivation, etc.). Using this feature… more

   • 

   11 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   2 comments  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

2. Switch for returning encrypted blob when providing old DEK

   When rotating keys, we would like the option to still be able to fetch old documents with fields encrypted with an old DEK, exactly like what happens when we're querying documents without a DEK at all.
   This could be done with a bool switch when setting up the client settings

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

3. Provide a Debian 11.0 ARM 64 Crypt Shared library

   There is no ARM 64 version of the Crypt Shared library available for Debian 11.0 here:

   https://www.mongodb.com/download-center/enterprise/releases

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Edit…  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close