Status Completed
Created by Guest
Created on Sep 1, 2021

Go Driver: Allow Client Side Field Level Encryption (CSFLE) to use IAM Role credentials with KMS access

In order to get the MongoDB csfle lib to work with AWS KMS, we need to set the following provider details (IAM user credentials) explicitly: accessKeyId and secretAccessKey. It is a common and more secure practice for applications to be able to get temporary credentials using IAM roles, which will have accessKeyId, secretAccessKey and sessionToken - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html. Currently, the Go Driver does not support sending 'sessionToken' along with provider details. The libmongocrypt library has this support now - https://github.com/mongodb/libmongocrypt/pull/153. It would be great if the Go driver had this support.
  • ADMIN RESPONSE
    Oct 18, 2025
    Thank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
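
The following is an added example, not code from the original post, the admin response or the Go driver: it builds the `aws` KMS provider entry with the three fields named in the request and refuses temporary credentials that arrive without a `sessionToken`. The helper names `awsKMSProvider` and `redacted` are hypothetical, the environment variable names are the standard AWS ones, and the nested-map shape is assumed to match what the driver's KMS provider option accepts.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"sort"
	"strings"
)

// awsKMSProvider (hypothetical helper) builds the "aws" entry of a CSFLE
// kmsProviders map from the standard AWS environment variables.
// getenv is injected so the function can be exercised without real secrets.
func awsKMSProvider(getenv func(string) string) (map[string]map[string]interface{}, error) {
	id, secret := getenv("AWS_ACCESS_KEY_ID"), getenv("AWS_SECRET_ACCESS_KEY")
	token := getenv("AWS_SESSION_TOKEN")
	if id == "" || secret == "" {
		return nil, errors.New("accessKeyId and secretAccessKey are required")
	}
	// Temporary (STS / IAM role) access key IDs start with "ASIA"; AWS rejects
	// them unless the matching session token is sent along.
	if strings.HasPrefix(id, "ASIA") && token == "" {
		return nil, errors.New("temporary accessKeyId supplied without sessionToken")
	}
	aws := map[string]interface{}{"accessKeyId": id, "secretAccessKey": secret}
	if token != "" {
		aws["sessionToken"] = token
	}
	return map[string]map[string]interface{}{"aws": aws}, nil
}

// redacted lists which fields are set, never their values, for safe logging.
func redacted(p map[string]map[string]interface{}) string {
	names := make([]string, 0, len(p["aws"]))
	for k := range p["aws"] {
		names = append(names, k)
	}
	sort.Strings(names)
	return strings.Join(names, ",")
}

func main() {
	p, err := awsKMSProvider(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "kms provider config:", err)
		os.Exit(1)
	}
	fmt.Println("aws kms provider fields:", redacted(p))
}
```

Temporary credentials expire, so a long-running process has to rebuild this map from fresh values rather than cache it for the life of the client.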