Status Completed
Created by Guest
Created on Nov 27, 2020

For Client Side Field Level Encryption (CSFLE) load IAM credentials for KMS by default

In order to get the MongoDB CSFLE lib to work with AWS KMS we need to set the following provider details explicitly: accessKeyId and secretAccessKey. It is a common and more secure practice for applications to be able to load these automatically. If we do not supply the accessKeyId and secretAccessKey then the Java driver could make an API call to retrieve temporary credentials from the EC2 instance it is running on. It is explained in detail here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
  • ADMIN RESPONSE
    Oct 18, 2025
    Thank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs: https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
  • Guest
    Jul 13, 2021
    +1. We really want to use the CSFLE feature, but security-wise, long-term credentials make the feature impossible to implement.