MongoDB (Replica Set)

Last modified on February 14, 2024

To add MongoDB in replica set mode as a datasource in the Admin UI, set the following configuration properties. For more information, see our main guide, Add a Datasource.

General Information

StrongDM supports MongoDB version 5.0 and earlier (for clients) and version 6.0 and earlier (for servers).

Due to the way MongoDB manages connections, when a user connects to a MongoDB resource via StrongDM, the specific node in the cluster that they are connected to may vary. Considerations such as whether that node is read-only are ignored, and the user will be connected to any node that’s available in the cluster.

If you want to add a MongoDB resource without specifying a replica set, use the MongoDB (single host) resource type instead.

Configuration Properties

Add MongoDB (Replica Set) Datasource Dialog
Add MongoDB (Replica Set) Datasource Dialog
  • Display Name (Required): Enter a meaningful name for this resource, such as “Mongo-Replica.” This name displays throughout StrongDM. Do not include special characters like quotes (") or angle brackets (< or >).
  • Datasource Type (Required): Select MongoDB (replica set).
  • Hostname (Required): Enter the hostname. Note that it must be accessible to a gateway or relay. In some cases, the port needs to be appended to the hostname, such as foo.hostname.example:27017. If entering SRV records or multiple hosts, they should be separated by commas.
  • Port (Required): Enter the port to connect to the resource (default: 27017).
  • Bind Interface (Read only): Bind Interface is the IP address to which the port override of this resource is bound. The IP address value is automatically generated in the 127.0.0.1 to 127.255.255.254 IP address range after the resource is created. The default is 127.0.0.1. You can modify this value with your preferred bind interface value later under Settings > Port Overrides.
  • Port Override (Read only): After this datasource has been created, this field will be automatically filled with a port between 1024-59999 that is not in use by another datasource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.
  • Authentication Database (Required): Enter the name of the authentication database (that is, the database that MongoDB users authenticate against, not the database to which you are granting access. In this example, the authentication database is sdmdb, while the MongoDB default database is admin.
  • Secret Store (Optional): This field lets you specify where the credentials for this resource are stored. The default Secret Store type is Strong Vault. Selecting any other Secret Store type causes properties unique to that secret store to appear, such as Username (path), Password (path), and so forth. For more detailed information about path to the secrets you have stored in a particular secret store, see the Secret Store integration configuration guide for the one you are using.
  • Username (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and StrongDM is the selected Secret Store type. Enter the username of the user that will be used for this datasource.
  • Username (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not StrongDM, enter the path to the secret in your secret store (for example, path/to/credential?key=optionalKeyName). The key argument is optional.
  • Password (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and StrongDM is the selected Secret Store type. Enter the password of the user that will be used for this datasource.
  • Password (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not StrongDM, enter the path to the secret in your Secret Store (for example, path/to/credential?key=optionalKeyName). The key argument is optional.
  • Replica Set (Optional): Enter the name of the MongoDB replica set. You can get this name from either the Web UI or your shard prefix.
  • TLS Required? (Optional): If your MongoDB database is configured to require TLS, select the checkbox to enable StrongDM to use a TLS connection. Note that if your replica set is hosted in MongoDB Atlas, you must check this box.
  • Connect to Replica? (Optional): Select this option if you would like StrongDM to connect to a secondary (read-only) replica instead of the primary node.
  • Resource Tags (Optional): Assign tags to the datasource by entering key-value pairs in the format <KEY>=<VALUE> (for example, env=dev).