I would really appreciate some further explanations about the point of key rotation when using FLE. I’ve gone through this topic and a few other sources to do my best to understand the whole FLE mechanism, but I still have one main issue with it. With MongoDB storing the data encryption keys (DEKs) in a separate collection and without those keys being rotated, what’s the benefit of using key rotation of the keys that protect DEKs?
So let’s assume that we encrypt every document within a collection with one DEK (so for two collections - let’s call them Bob and Alice - there are 2 DEKs etc.) and we use one key that protects those DEKs. If there is ever a situation where this protecting key is compromised, an attacker will always be able to read all the documents from the Bob and Alice collections even if the key is rotated, as the compromised key will always be able to decrypt both those DEKs. But if we add another collection after the rotation, the third collection will be safe, as the new DEK is encrypted with the new version of the rotated key and the compromised key is not able to decrypt it. Of course, we assume in such a case that the attacker has access to the compromised key and to the MongoDB cluster.
Sorry if the question sounds silly, but appsec is not my area of expertise. Do I understand this behaviour correctly? Is there any important aspect missing there? Or maybe there is some obvious improvement to the presented flow you can suggest?
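The scenario in the question can be modelled in a few lines. This is an added example, not part of the original post and not MongoDB's implementation. It goes one step beyond the post by also re-wrapping the old DEKs under the new key version. Assumptions: `wrap`/`unwrap` are a stdlib-only stand-in for the authenticated key wrapping a KMS performs, the third collection is called "Carol", and all keys are randomly generated sample values.

```python
import hashlib
import hmac
import secrets


def wrap(kek: bytes, dek: bytes) -> bytes:
    """Stand-in for KMS key wrapping (stdlib only): XOR with an HMAC-derived pad, then MAC."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(kek: bytes, blob: bytes):
    """Return the DEK, or None when the blob was not wrapped under this KEK."""
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))


def simulate() -> dict:
    """For each stage, report which DEKs the compromised KEK v1 can still unwrap."""
    kek_v1, kek_v2 = secrets.token_bytes(32), secrets.token_bytes(32)
    deks = {name: secrets.token_bytes(32) for name in ("Bob", "Alice", "Carol")}

    # Before rotation: the Bob and Alice DEKs are wrapped under KEK v1.
    vault = {"Bob": wrap(kek_v1, deks["Bob"]), "Alice": wrap(kek_v1, deks["Alice"])}
    stolen_copy = dict(vault)  # a copy of the key vault taken before any re-wrap

    # Rotation only: the new collection's DEK is wrapped under KEK v2.
    vault["Carol"] = wrap(kek_v2, deks["Carol"])
    rotation_only = {n: unwrap(kek_v1, b) == deks[n] for n, b in vault.items()}

    # Re-wrap: unwrap each old entry with v1 and store it wrapped under v2.
    for name in ("Bob", "Alice"):
        vault[name] = wrap(kek_v2, unwrap(kek_v1, vault[name]))
    after_rewrap = {n: unwrap(kek_v1, b) == deks[n] for n, b in vault.items()}
    old_copy = {n: unwrap(kek_v1, b) == deks[n] for n, b in stolen_copy.items()}
    return {"rotation_only": rotation_only, "after_rewrap": after_rewrap, "old_copy": old_copy}


if __name__ == "__main__":
    for stage, result in simulate().items():
        print(stage, result)
```

Re-wrapping leaves the DEKs themselves unchanged, so it only protects key vault entries that were not copied while they were still wrapped under the compromised version.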