MongoDB (Replica Set)
Last modified on July 30, 2025
Overview
A datasource consists of a database resource and the credentials used to access it. This guide describes how to add a MongoDB (Replica Set) database as a datasource in the StrongDM Admin UI.
Prerequisites
To add a datasource, make sure you have met the following prerequisites:
- Properly configure an account for your database resource. If you choose to store credentials for the resource with StrongDM, have those credentials ready. When not using StrongDM, set up a Secret Store integration and be able to enter the location of the secrets required to access the resource.
- The hostname or endpoint you enter for your resource must be accessible by at least one gateway or relay. To verify this, log in to the gateway or relay and use the
nc -zv <YOUR_HOSTNAME> <YOUR_PORT>Netcat command. For example, usenc -zv testdb-01.fancy.org 5432. If your gateway server can connect to this hostname, you can proceed.
-z flag to check for listeners without sending data and the -v flag to show verbose output. If you do not have Netcat, you can use a package manager such as APT (Advanced Package Tool) to install it. On Linux-based distributions, run apt-get install netcat.Add a Datasource
To add your new MongoDB database as a StrongDM datasource, use the following steps.
- Log in to the StrongDM Admin UI.
- Go to Infrastructure > Datasources.
- Click Add datasource.
- Select MongoDB (replica set) as the Datasource Type and set other configuration properties for your new database resource.
- Complete all required fields.
- Click Create to save the resource.
- Click the resource name to view status, diagnostic information, and setting details.
Resource properties
Configuration properties are visible when you add a datasource or when you click to view its settings. The following table describes the settings available for your MongoDB database.
| Property | Requirement | Description |
|---|---|---|
| Display Name | Required | Meaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >) |
| Datasource Type | Required | Select MongoDB (replica set). If you want to add a MongoDB resource without specifying a replica set, see the instructions for MongoDB (single host) resource type instead. |
| Proxy Cluster | Required | Defaults to “None (use gateways)”; if using proxy clusters, select the appropriate cluster to proxy traffic to this resource |
| Hostname | Required | Hostname for your MongoDB database resource; must be accessible to a gateway or relay |
| Port | Required | Port to use when connecting to your MongoDB database; default port value is 27017 |
| Connectivity Mode | Required | Select either Virtual Networking Mode, which lets users connect to the resource with a software-defined, IP-based network; or Loopback Mode, which allows users to connect to the resource using the local loopback adapter in their operating system; this field is shown if Virtual Networking Mode is enabled for your organization |
| IP Address | Optional | If Virtual Networking Mode is the selected connectivity mode, an IP address value in the configured Virtual Networking Mode subnet in the organization network settings; if Loopback Mode is the selected connectivity mode, an IP address value in the configured Loopback IP range in the organization network settings (by default, 127.0.0.1); if not specified, an available IP address in the configured IP address space for the selected connectivity mode will be automatically assigned; this field is shown if Virtual Networking Mode and/or multi-loopback mode is enabled for your organization |
| Port Override | Optional | If Virtual Networking Mode is the selected connectivity mode, a port value between 1 and 65535 that is not already in use by another resource with the same IP address; if Loopback Mode is the selected connectivity mode, a port value between 1024 to 64999 that is not already in use by another resource with the same IP address; when left empty with Virtual Networking Mode, the system assigns the default port to this resource; when left empty for Loopback Mode, an available port that is not already in use by another resource is assigned; preferred port also can be modified later from the Port Overrides settings |
| DNS | Optional | If Virtual Networking Mode is the selected connectivity mode, a unique hostname alias for this resource; when set, causes the desktop app to display this resource’s human-readable DNS name (for example, k8s.my-organization-name) instead of the bind address that includes IP address and port (for example, 100.64.100.100:5432) |
| Authentication Database | Required | Enter the name of the authentication database (that is, the database that MongoDB users authenticate against, not the database to which you are granting access); in this example, the authentication database is sdmdb, while the MongoDB default database is admin |
| Secret Store | Optional | Credential store location; defaults to Strong Vault; learn more about Secret Store options |
| Username | Required | Username to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Password | Required | Password for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Username (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Password (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Replica Set | Optional | The name of the MongoDB replica set, which can be found in the Web UI or your shard prefix |
| TLS Required | Optional | Indicator to require StrongDM to use TLS to connect to the database |
| Connect to Replica? | Optional | Select this option if you would like StrongDM to connect to a secondary (read-only) replica instead of the primary node. |
| Resource Tags | Optional | Datasource tags consisting of key-value pairs <KEY>=<VALUE> (for example, env=dev) |
Secret Store options
By default, datasource credentials are stored in StrongDM. However, these credentials can also be saved in a secrets management tool.
Non-StrongDM options appear in the Secret Store dropdown if they are created under Settings > Secrets Management. When you select another Secret Store type, its unique properties display. For more details, see Configure Secret Store Integrations.
Resource status
After a resource is created, the Admin UI displays that resource as unhealthy until the healthchecks run successfully. When the resource is ready, the Health icon indicates a positive, green status.
When the resource does not display a positive status, click the resource name to go to the Diagnostics tab and check for errors.
Client Connections
Due to the way MongoDB manages connections, when a user connects to a MongoDB resource via StrongDM, the specific node in the cluster that they are connected to may vary. Considerations such as whether that node is read-only are ignored, and the user will be connected to any node that’s available in the cluster.