NodeJS - The keyAltNames field is not created when creating the Data Key in MongoDB Client Side Field Level Encryption

I have been following this guide - How to use MongoDB Client-Side Field Level Encryption (CSFLE) with Node.js/ by Joe Karlsson to test out the MongoDB CSFLE.

In doing so, in the step of creating the data key in local key vault store [https://www.mongodb.com/how-to/client-side-field-level-encryption-csfle-mongodb-node/#create-a-data-key-in-mongodb-for-encrypting-and-decrypting-document-fields] the data key successfully is created but the keyAltName is not attached to the data key’s document.

I tested this multiple times and there is nothing wrong in my code and I’m following the guide as it is. I can’t understand what is causing this issue. The data key creation is successful but without the keyAltNames field. A help here would be really appreciated.

Did you get any solution ? I am also facing the same issue.
I think it’s an issue related to ‘mongdb-client-encryption’ npm module.

I couldn’t still find a solution. I also think this is related to the mongodb-client-encryption npm module. I asked the same question on Stack Overflow but still no luck. I’m waiting for some official reply from MongoDB team, I don’t think we can create issues on libmongocrypt repo

I did a temporary workaround. Update the local key-vault document after it’s created. I know it’s not the correct method. Hope they fix this issue in their future release.

MongoClient.connect(
    connectionString,
    {
      useUnifiedTopology: true,
    },
    async (err, db) => {
      if (err) throw err;
      try {
        await db.db(your_DB_Name).collection('__keyVault')
          .findOneAndUpdate({ _id: dataKeyId }, { $set: { keyAltNames: [keyAltName] } });
      } catch (error) {
        console.log(`failed to add keyaltname ${keyAltName}, ${error.stack}`);
      }
      db.close();
    },
  );
1 Like

Thanks. This is the only way it seems as of now. How did you get the dataKeyId? Is it the Binary type key ID returned from the createDataKey method?

Hello all,

I believe the issue you’re facing will be fixed soon we have a related ticket scheduled to start soon: NODE-3118. The community forums are a great place to get assistance with learning how to use our tools or some troubleshooting. If you ever encounter an issue you can let us know on our JIRA project here: https://jira.mongodb.org/projects/NODE.

Thanks for your patience,
Neal

2 Likes

i am facing the same issue, i don"t think the problem is resolved, the keyAltName was not in the vaultKeys encryption database
is there a solution for this ??

Welcome to the MongoDB Community Forums @bilal_meddah!

Development & testing for the NODE-3118 issue mentioned in an earlier comment is still in progress if you follow the link through to MongoDB’s Jira issue tracker. There are a few commits linked to the issue but it has not been resolved or targeted for a Node.js driver release yet.

If you login to Jira (which uses the same MongoDB Cloud login as the forums) you can Watch specific issues for updates. When an issue is targeted to be resolved in a specific Node.js driver release a Fix Version will be set on the Jira issue. Ultimately the issue will be closed when all changes have been tested & merged. The final “Fix Version/s” value(s) will indicate which driver releases the fix will be included in (or possibly backported to).

Regards,
Stennie

Hi, @Stennie
thank you for the welcome, unfortunately this is not the only problem, i manage to add the keyAltName to the document of vaultKeys, but now what i am facing is weird, the database without encryption enabled is working perfectly, but when i integrate the encryption, sometimes just accept the first request (read op) and after that it not accepting anything, without any logs for errors, and sometimes, it’s not accepting anything, i am using the local provider with nodejs, and the configuration seems good, i don"t know where the problem, please can you provide me with any solution, methods, by the way i am using mongoose
thanks