Hello,
We are using mongodb-crypt library for field level encryption on Azure.
We are able to encrypt & decrypt data properly.
However we faced issue with our Cloud provider due to which KeyVault was unavailable for certain period of time. During this time our encryution/decryption process errored as the internal C library “libmongocrypt” tries to fetch the masterkey every 1 minute.
Right now this is not configurable, please suggest options to avoid this situation by either increasing the time interval to query the KMS or reuse the existing masterKey if the KeyVault fails.
Found following documentation from “libmongocrypt”
libmongocrypt: Data key caching
Data keys are cached in libmongocrypt for one minute. This is not
configurable, and there is no maximum number of keys in the cache. The
data key material is stored securely. It will not be paged to disk and
the memory will be properly zero’ed out after freeing.
Thanks,
Chaitanya.