3

I have been following this guide - How to use MongoDB Client-Side Field Level Encryption (CSFLE) with Node.js/ to test out the MongoDB CSFLE.

In doing so, in the step of creating the data key in local key vault store https://developer.mongodb.com/how-to/client-side-field-level-encryption-csfle-mongodb-node/#create-a-data-key-in-mongodb-for-encrypting-and-decrypting-document-fields the data key successfully is created but the keyAltName is not attached to the data key’s document.

I tested this multiple times and there is nothing wrong in my code and I’m following the guide as it is. I can’t understand what is causing this issue. The data key creation is successful but without the keyAltNames field. A help here would be really appreciated.

The code related to Data Key Document Creation

async findOrCreateDataKey(client) {
      const encryption = new ClientEncryption(client, {
      keyVaultNamespace: this.keyVaultNamespace,
      kmsProviders: this.kmsProviders
      })

      await this.ensureUniqueIndexOnKeyVault(client)

      let dataKey = await client
      .db(this.keyDB)
      .collection(this.keyColl)
      .findOne({ keyAltNames: { $in: [this.keyAltNames] } })

      if (dataKey === null) {
        dataKey = await encryption.createDataKey("local", {
           keyAltNames: [this.keyAltNames]
        })
        return dataKey.toString("base64")
      }
      return dataKey["_id"].toString("base64")
   }
}

Resulting Document

enter image description here

Package JSON MongoDB Driver/ MongoDB Client Side Encryption NPM Package Versions

"mongodb": "^3.6.0",
"mongodb-client-encryption": "^1.2.1"
Ravindu Nirmal Fernando
  • 4,272
  • 4
  • 18
  • 29
  • You are missing the most important part of the guide: https://developer.mongodb.com/how-to/client-side-field-level-encryption-csfle-mongodb-node/#the-requirements "Requirements". It says everything on the page works only on "MongoDB Atlas 4.2+ or MongoDB Server 4.2 Enterprise". – Alex Blex Feb 15 '21 at 12:24
  • 1
    @AlexBlex my ATLAS Cluster is running on MongoDB version 4.4 – Ravindu Nirmal Fernando Feb 16 '21 at 03:21
  • 1
    My bad, misread v3.6.0. I'll try to reproduce – Alex Blex Feb 16 '21 at 08:34
  • 1
    I have the same problem and I cannot find the solution anywhere! I even tried having a look at the package's code but it wasn't the cleanest code to read. So, I found nothing and I don't even know why this problem is starting to happen when nothing has changed and it was working before. – Amr Saber Mar 23 '21 at 12:43
  • @RavinduFernando Maybe you can document your workaround that you mentioned in https://developer.mongodb.com/community/forums/t/nodejs-the-keyaltnames-field-is-not-created-when-creating-the-data-key-in-mongodb-client-side-field-level-encryption/15875/4 for anyone having the same problem, It's the only way I got it working until there is an official fix – Amr Saber Mar 23 '21 at 13:26
  • 1
    OK, so I contacted one of the developers working on the package, and he told me it's a known issue that is scheduled to be worked on soon, and here is its Jira link: https://jira.mongodb.org/browse/NODE-3118 – Amr Saber Mar 23 '21 at 16:58

2 Answers2

1

EDIT - This issue is now fixed by the MongoDB team. Refer attached issue 1.

There is all-ready a ticket in place to fix this issue.

Please visit following thread which was opened by my-self within MongoDB Forums to obtain more info. -> https://developer.mongodb.com/community/forums/t/nodejs-the-keyaltnames-field-is-not-created-when-creating-the-data-key-in-mongodb-client-side-field-level-encryption/15875/3

Based on the comments in the above thread, one solution is to update the local keyVault document after its created and add the keyAltName field with its value. This seems to be the only viable fix until MongoDB team ships a fix for this in a future release.

Ravindu Nirmal Fernando
  • 4,272
  • 4
  • 18
  • 29
0

I managed to solve similar issue by installing mongodb-enterprise-cryptd lib into php node. For mongo container I was using official mongo docker image

    mongodb:
        image: mongo:4.2

p.s. I wasn't using mongo enterprise version. More info in here - Connecting to a MongoCryptD instance in docker environment with Mongoose

Lukas Zmoginas
  • 66
  • 3