Reputation: 7764
We have a REST API which needs to talk to MongoDB (as of now it's Postgres). Right now, in the property/config file of the API, we are hardcoding the DB password. We are using JDBC to connect to Postgres; we need to decide whether to use the same JDBC or MongoClient to connect to MongoDB.
So the question is
And which one of the above will be the best way to follow to avoid security threats? We have both the API and the database in AWS.
Upvotes: 1
Views: 2494
Reputation: 3224
The other responses seem outdated by now. As per 4.0, all versions of MongoDB support TLS 1.1, with only the Enterprise version supporting "FIPS mode".
Upvotes: 0
Reputation: 42926
You can use SSL connections since you are hosting on AWS.
Normally MongoDB does not have SSL support, but if you use the Enterprise version of MongoDB, then SSL support is included.
Per Amazon's MongoDB Security Architecture White Paper, AWS does use MongoDB Enterprise which means it has SSL support.
Upvotes: 0
Reputation: 3637
There is no way to encrypt the Mongo password alone; you need to encrypt your whole connection using SSL.
If you are administering your own MongoDB instance, you need to take a look at this document: https://docs.mongodb.org/manual/tutorial/configure-ssl/
If you are hiring some MongoDB provider (like mongolab), they usually offer a way to enable SSL in your connections (but they usually limit this feature to paid plans).
The usual way to store DB passwords is through environment variables. This way you won't save those values to your git and you can configure those values directly on the server.
To configure environment variables in UNIX, you need to export them like this:
export MONGODB_DB_URL_ADMIN=mongodb://myuser:[email protected]:35123/my_database_name
And to use it inside your code (NodeJS + mongoose example):
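var mongoose = require("mongoose");
// Take the connection string from the environment; fall back to a local DB for development
var mongoDbURL = process.env.MONGODB_DB_URL_ADMIN || "mongodb://127.0.0.1/myLocalDB";
var db = mongoose.createConnection(mongoDbURL);
// mySchema is a mongoose.Schema defined elsewhere in the application
db.model("MyModel", mySchema, "myCollectionName");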
If you are using a PaaS (like Heroku), they usually provide a way to set up environment variables using their interface. This way the variable gets configured in every instance you use. If you are setting up your own Linux instance, you need to put those values in a startup script (.bashrc) or use another method (for example /etc/environment).
Upvotes: 1
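The approach from the answer above (connection string in an environment variable, TLS for the whole connection) can be enforced at startup. This is an added example, not code from the original answer: the function names, the sample host and the sample password are assumptions, and only the variable name MONGODB_DB_URL_ADMIN comes from the page.

```javascript
// Added example: env var name is from the answer above; function names are hypothetical.
const ENV_VAR = "MONGODB_DB_URL_ADMIN";

// Read the connection string from the environment and make sure TLS is on,
// so the password in the URI is never sent over an unencrypted connection.
function loadMongoUrl(env) {
  const raw = env[ENV_VAR];
  if (!raw) {
    throw new Error(ENV_VAR + " is not set; refusing to fall back to a hardcoded credential");
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    // Do not echo the raw value: it contains the password.
    throw new Error(ENV_VAR + " is not a valid URI");
  }
  if (url.protocol !== "mongodb:" && url.protocol !== "mongodb+srv:") {
    throw new Error(ENV_VAR + " must use the mongodb:// or mongodb+srv:// scheme");
  }
  // "tls" and its older alias "ssl" are MongoDB connection string options.
  const setting = url.searchParams.get("tls") ?? url.searchParams.get("ssl");
  if (setting === "false") {
    throw new Error(ENV_VAR + " disables TLS; the password would travel in clear text");
  }
  if (setting === null) {
    url.searchParams.set("tls", "true");
  }
  return url.toString();
}

// Version of the URI that is safe to write to logs: password masked.
function redactMongoUrl(mongoUrl) {
  const url = new URL(mongoUrl);
  if (url.password) url.password = "***";
  return url.toString();
}

// Constructed sample environment (not real credentials or hosts).
const sampleEnv = {
  MONGODB_DB_URL_ADMIN: "mongodb://myuser:s3cret@db.example.internal:35123/my_database_name",
};
const mongoDbURL = loadMongoUrl(sampleEnv);
console.log("connecting to", redactMongoUrl(mongoDbURL));
```

In a real service, pass `process.env` instead of the sample object and hand the returned string to the driver. Node's built-in URL parser only accepts single-host URIs, so a replica-set URI listing several host:port pairs is rejected here as invalid.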