Cynthia
My feedback
1 result found
-
11 votes
An error occurred while saving the comment
We're glad you're here
Please sign in to leave feedback
Signed in as
(Sign out)
We're glad you're here
Please sign in to leave feedback
Signed in as
(Sign out)
Feedback and Knowledge Base
-
Searching…
No results.
Clear search results
-
Give feedback
- Atlas 1,258 ideas
- Atlas App Services 234 ideas
- Atlas CLI 23 ideas
- Atlas Search 148 ideas
- Atlas Stream Processing 1 idea
- Charts 236 ideas
- Compass 393 ideas
- Connectors (BI, Kafka, Spark) 40 ideas
- Data Federation and Data Lake 51 ideas
- Database 272 ideas
- Documentation 6 ideas
- Drivers 67 ideas
- Education 33 ideas
- FLE and Queryable Encryption 3 ideas
- MongoDB Analyzer (for .NET) 1 idea
- MongoDB for VS Code 62 ideas
- MongoDB Shell 36 ideas
- Ops Tools 441 ideas
- Realm 84 ideas
- Relational Migrator 1 idea
- Support Website 13 ideas
- UI 108 ideas
- Vector Search 4 ideas
Hello Geoffrey,
You should be able to use the native key rotation functionality in Azure if you set the key version when you specify the CMK in your setup. If you specify a versionless key identifier you will encounter problems with key rotation.
Azure KeyVault doesn't work like AWS KMS or GCP Cloud KMS, where the KMS can identify which version of a key was used for encryption and use the same version for decryption. Instead Azure Key Vault will always use the latest key version for either encryption or decryption if a versionless key identifier is used.
Please not that if you do want to re-encrypt all of the existing DEKs with the new CMK, you will need to do a key rotation, the procedure is described in our docs here - https://www.mongodb.com/docs/manual/core/queryable-encryption/fundamentals/manage-keys/
Thank you,
Cynthia