MongoDB (Replica Set)

Last modified on July 30, 2025

Overview

A datasource consists of a database resource and the credentials used to access it. This guide describes how to add a MongoDB (Replica Set) database as a datasource in the StrongDM Admin UI.

Prerequisites

To add a datasource, make sure you have met the following prerequisites:

  • Properly configure an account for your database resource. If you choose to store credentials for the resource with StrongDM, have those credentials ready. When not using StrongDM, set up a Secret Store integration and be able to enter the location of the secrets required to access the resource.
  • The hostname or endpoint you enter for your resource must be accessible by at least one gateway or relay. To verify this, log in to the gateway or relay and use the nc -zv <YOUR_HOSTNAME> <YOUR_PORT> Netcat command. For example, use nc -zv testdb-01.fancy.org 5432. If your gateway server can connect to this hostname, you can proceed.

Add a Datasource

To add your new MongoDB database as a StrongDM datasource, use the following steps.

  1. Log in to the StrongDM Admin UI.
  2. Go to Infrastructure > Datasources.
  3. Click Add datasource.
  4. Select MongoDB (replica set) as the Datasource Type and set other configuration properties for your new database resource.
  5. Complete all required fields.
  6. Click Create to save the resource.
  7. Click the resource name to view status, diagnostic information, and setting details.

Resource properties

Configuration properties are visible when you add a datasource or when you click to view its settings. The following table describes the settings available for your MongoDB database.

PropertyRequirementDescription
Display NameRequiredMeaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >)
Datasource TypeRequiredSelect MongoDB (replica set). If you want to add a MongoDB resource without specifying a replica set, see the instructions for MongoDB (single host) resource type instead.
Proxy ClusterRequiredDefaults to “None (use gateways)”; if using proxy clusters, select the appropriate cluster to proxy traffic to this resource
HostnameRequiredHostname for your MongoDB database resource; must be accessible to a gateway or relay
PortRequiredPort to use when connecting to your MongoDB database; default port value is 27017
Connectivity ModeRequiredSelect either Virtual Networking Mode, which lets users connect to the resource with a software-defined, IP-based network; or Loopback Mode, which allows users to connect to the resource using the local loopback adapter in their operating system; this field is shown if Virtual Networking Mode is enabled for your organization
IP AddressOptionalIf Virtual Networking Mode is the selected connectivity mode, an IP address value in the configured Virtual Networking Mode subnet in the organization network settings; if Loopback Mode is the selected connectivity mode, an IP address value in the configured Loopback IP range in the organization network settings (by default, 127.0.0.1); if not specified, an available IP address in the configured IP address space for the selected connectivity mode will be automatically assigned; this field is shown if Virtual Networking Mode and/or multi-loopback mode is enabled for your organization
Port OverrideOptionalIf Virtual Networking Mode is the selected connectivity mode, a port value between 1 and 65535 that is not already in use by another resource with the same IP address; if Loopback Mode is the selected connectivity mode, a port value between 1024 to 64999 that is not already in use by another resource with the same IP address; when left empty with Virtual Networking Mode, the system assigns the default port to this resource; when left empty for Loopback Mode, an available port that is not already in use by another resource is assigned; preferred port also can be modified later from the Port Overrides settings
DNSOptionalIf Virtual Networking Mode is the selected connectivity mode, a unique hostname alias for this resource; when set, causes the desktop app to display this resource’s human-readable DNS name (for example, k8s.my-organization-name) instead of the bind address that includes IP address and port (for example, 100.64.100.100:5432)
Authentication DatabaseRequiredEnter the name of the authentication database (that is, the database that MongoDB users authenticate against, not the database to which you are granting access); in this example, the authentication database is sdmdb, while the MongoDB default database is admin
Secret StoreOptionalCredential store location; defaults to Strong Vault; learn more about Secret Store options
UsernameRequiredUsername to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type
PasswordRequiredPassword for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type
Username (path)RequiredPath to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type
Password (path)RequiredPath to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type
Replica SetOptionalThe name of the MongoDB replica set, which can be found in the Web UI or your shard prefix
TLS RequiredOptionalIndicator to require StrongDM to use TLS to connect to the database
Connect to Replica?OptionalSelect this option if you would like StrongDM to connect to a secondary (read-only) replica instead of the primary node.
Resource TagsOptionalDatasource tags consisting of key-value pairs <KEY>=<VALUE> (for example, env=dev)

Secret Store options

By default, datasource credentials are stored in StrongDM. However, these credentials can also be saved in a secrets management tool.

Non-StrongDM options appear in the Secret Store dropdown if they are created under Settings > Secrets Management. When you select another Secret Store type, its unique properties display. For more details, see Configure Secret Store Integrations.

Resource status

After a resource is created, the Admin UI displays that resource as unhealthy until the healthchecks run successfully. When the resource is ready, the Health icon indicates a positive, green status.

When the resource does not display a positive status, click the resource name to go to the Diagnostics tab and check for errors.

Client Connections

Due to the way MongoDB manages connections, when a user connects to a MongoDB resource via StrongDM, the specific node in the cluster that they are connected to may vary. Considerations such as whether that node is read-only are ignored, and the user will be connected to any node that’s available in the cluster.

Top