NodeJS - The keyAltNames field is not created when creating the Data Key in MongoDB Client Side Field Level Encryption

Ravindu_Fernando · February 15, 2021, 7:10pm

I have been following this guide - How to use MongoDB Client-Side Field Level Encryption (CSFLE) with Node.js/ by Joe Karlsson to test out the MongoDB CSFLE.

In doing so, in the step of creating the data key in local key vault store [https://developer.mongodb.com/how-to/client-side-field-level-encryption-csfle-mongodb-node/#create-a-data-key-in-mongodb-for-encrypting-and-decrypting-document-fields] the data key successfully is created but the keyAltName is not attached to the data key’s document.

I tested this multiple times and there is nothing wrong in my code and I’m following the guide as it is. I can’t understand what is causing this issue. The data key creation is successful but without the keyAltNames field. A help here would be really appreciated.

Navin_Devassy · February 17, 2021, 12:07pm

Did you get any solution ? I am also facing the same issue.
I think it’s an issue related to ‘mongdb-client-encryption’ npm module.

Ravindu_Fernando · February 17, 2021, 1:01pm

I couldn’t still find a solution. I also think this is related to the mongodb-client-encryption npm module. I asked the same question on Stack Overflow but still no luck. I’m waiting for some official reply from MongoDB team, I don’t think we can create issues on libmongocrypt repo

Navin_Devassy · February 18, 2021, 7:07pm

I did a temporary workaround. Update the local key-vault document after it’s created. I know it’s not the correct method. Hope they fix this issue in their future release.

MongoClient.connect(
    connectionString,
    {
      useUnifiedTopology: true,
    },
    async (err, db) => {
      if (err) throw err;
      try {
        await db.db(your_DB_Name).collection('__keyVault')
          .findOneAndUpdate({ _id: dataKeyId }, { $set: { keyAltNames: [keyAltName] } });
      } catch (error) {
        console.log(`failed to add keyaltname ${keyAltName}, ${error.stack}`);
      }
      db.close();
    },
  );

Ravindu_Fernando · February 18, 2021, 9:17am

Thanks. This is the only way it seems as of now. How did you get the dataKeyId? Is it the Binary type key ID returned from the createDataKey method?