I am starting to explore CSFLE and am currently using Community version 4.4.
We are open to moving to the Enterprise version or Atlas.
Our application is an enterprise application. We have implemented multi-tenancy with a one-DB-per-tenant model. From our application (Python) we maintain a pool of DB connections (or rather, the driver does) and we just switch the MongoDB DB to use based on the tenant ID. That means we can keep just one connection pool and use it for any tenant.
With CSFLE, I am wondering the following:
How can we keep tenant-specific encryption keys under the tenant DB and still maintain a connection pool and easily switch DBs?
The automatic encryption/decryption parameter (which holds info about the key namespace, db+collection) needs to be passed to the MongoClient constructor, that is, when the MongoDB connection is created.
If we do keep tenant-specific keys under the tenant DB, it seems we have to create an individual MongoDB connection per tenant, which seems wrong to me.
Any suggestions? Am I missing anything?
Help will be greatly appreciated.