0

We'd like to use mongo's native CSFLE offering (https://docs.mongodb.com/drivers/security/client-side-field-level-encryption-guide/), however as per the documentation, it seems like the data key id should be provided ahead of the initialisation of MongoClient.

In our use case, we need to use the same schema, however with different data keys, dynamically (e.g. a different data key for each customer in a multitenant architecture)

What is the idiomatic solution for this problem?

Edit: a similar question from mongodb's community forums: https://www.mongodb.com/community/forums/t/csfle-with-data-key-per-document/113161

Thanks!

leongold
  • 1,004
  • 7
  • 14

1 Answers1

0

You can do this with explicit encryption, and I believe this is one of the use cases for explicit encryption to begin with.

See https://docs.mongodb.com/ruby-driver/master/reference/client-side-encryption/#explicit-encryption for an example.

D. SM
  • 13,584
  • 3
  • 12
  • 21
  • I'm probably asking for too much, but I was hoping to still enjoy the benefits of automatic encryption: https://docs.mongodb.com/manual/reference/security-client-side-automatic-json-schema/ – leongold Aug 28 '21 at 15:39
  • You'd need someone more familiar with the feature than me then to answer that. – D. SM Aug 29 '21 at 15:14
  • there is no way to use dynamic data keys in autoencryption unfortunately – dododo Dec 02 '21 at 01:01