Status Will Not Implement
Categories Atlas
Created by Guest
Created on Feb 23, 2022

Atlas does not automatically rotate the Key Version Resource ID used for Google Cloud key management.

Basically, when a new version of the key is being created in GCP, the Atlas Terraform provider does not accept a primary or newest value for the version argument. We cannot use the data source to filter on the version that is primary or the "newest" (https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/kms_crypto_key_version); it will default to 1. We have to specify the version #. But we need this to be fully automated. I found this issue which seems to show the same situation, but it’s from 2020… https://github.com/hashicorp/terraform-provider-google/issues/5688 MongoDB Support mentioned we could use AWS KMS, which supports automatic key rotation. So we are suggesting implementing automatic key rotation for GCP as well.
  • Guest
    Oct 26, 2022
    Hi, thanks for the feedback. Automatic key rotation is not a limitation of the MongoDB Atlas Terraform Provider, but rather of the underlying Atlas Admin API itself. The Atlas Admin API does not automatically rotate user-managed encryption keys from any of the cloud vendors. For more information, see the documentation (https://www.mongodb.com/docs/atlas/reference/api/enable-configure-encryptionatrest/). As an alternative, if helpful, MongoDB support is correct: you can use Manage Customer Keys with AWS KMS (as well as with Google Cloud KMS), which supports automatic key rotation, which you can access via the Atlas UI. Hope this helps. To learn more, see here: https://www.mongodb.com/docs/atlas/security-gcp-kms/