Hi,
We are using Client-Side Field Level Encryption (CSFLE) with explicit encryption in a MongoDB Atlas environment, utilizing Azure Key Vault as the Key Management Service (KMS) provider. Our connection to MongoDB is authenticated via certificates.
We have observed delays during the decryption of the encrypted document in our applicaltion. We noticed that the libmongocrypt driver version 1.12.0 introduced a new flag, mongocrypt_setopt_key_expiration, which allows extending the DEK cache duration from the default 60 seconds.
However, we are unable to implement this using the MongoDB.Driver for .NET (v2.30). The ExtraOptions property in the AutoEncryptionSettings class, which is used to configure client communication with MongoDB, only accepts the following flags:
- cryptSharedLibPath
- cryptSharedLibRequired
- mongocryptdURI
- mongocryptdBypassSpawn
- mongocryptdSpawnPath
- mongocryptdSpawnArgs
Could you please advise on how to use the mongocrypt_setopt_key_expiration flag within these settings, or suggest an alternative approach to extend the DEK cache duration?
Thank in advance!
Regards,
UB