[英]Mongo CSFLE Data encryption keys fetched once or in batches
In MongoDB client side fields level encryption, When we encrypt records and have multiple data encryption keys(please don't confuse this with master key) in key vault, if we fetch multiple records in a single query, say X records which have 1 field encrypted using Y distinct data encryption keys, I would like to understand how the driver handles fetching of these data encryption keys.在 MongoDB 客户端字段级别加密中,当我们加密记录并在密钥库中有多个数据加密密钥(请不要将其与主密钥混淆)时,如果我们在单个查询中获取多条记录,例如 X 记录有 1 个字段使用 Y 个不同的数据加密密钥加密,我想了解驱动程序如何处理这些数据加密密钥的获取。 I could think of few ways listed below on how it could have been handled, but want to understand exact behaviour to finalise our approach.
我可以想到下面列出的几种方法来处理它,但想了解确切的行为以最终确定我们的方法。
If anyone has idea on how its implemented, please share.如果有人知道它是如何实现的,请分享。
TIA TIA
The key management happens in the libmongocrypt library.密钥管理发生在libmongocrypt库中。
It appears to request each key individually, as it is needed, and cache it locally for later use.它似乎根据需要单独请求每个密钥,并将其缓存在本地以供以后使用。
This seems to align with you #2 scenario.这似乎与您的#2 场景一致。
I have tried it out myself by generating 3 data encryption keys(DEKs) and multiple records(R) encrypted using these and stored in DB.我自己通过生成 3 个数据加密密钥 (DEK) 和使用这些加密并存储在 DB 中的多个记录 (R) 进行了尝试。 When I fetched all the records, it made a query to fetch all 3 DEKs using an $in query on the 3 DEK IDs.
当我获取所有记录时,它使用对 3 个 DEK ID 的 $in 查询进行查询以获取所有 3 个 DEK。 So, looks like its following scenario 3. This observation is for small set of data.
所以,看起来像下面的场景 3。这个观察是针对小数据集的。 May be if there are too many DEKs, it might try to make different batch calls for DEKs, not sure.
可能是如果 DEK 太多,它可能会尝试对 DEK 进行不同的批处理调用,不确定。 But at least I was able to confirm that it will fetch DEKs in batches which helps in better performance.
但至少我能够确认它将批量获取 DEK,这有助于提高性能。
Hope this information helps others.希望这些信息对其他人有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.