luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/secrets/databases/mongodb.mdx

116 lines
4.3 KiB
Plaintext
Raw Normal View History

Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
---
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
layout: docs
page_title: MongoDB - Database - Secrets Engines
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
description: |-
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
MongoDB is one of the supported plugins for the database secrets engine. This
plugin generates database credentials dynamically based on configured roles
for the MongoDB database.
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
---
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
# MongoDB Database Secrets Engine
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672) Add note about X.509 SHA-1 deprecation to relevant plugins Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 19:41:11 +00:00
@include 'x509-sha1-deprecation.mdx'
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
MongoDB is one of the supported plugins for the database secrets engine. This
plugin generates database credentials dynamically based on configured roles for
Update database docs (#8554) Redshift was missing from the sidebars, as was a reference to static roles in MongoDB.
2020-03-14 21:45:13 +00:00
the MongoDB database and also supports
[Static Roles](/docs/secrets/databases#static-roles).
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-01-22 20:05:41 +00:00
See the [database secrets engine](/docs/secrets/databases) docs for
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
more information about setting up the database secrets engine.
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Improve documentation around database plugins (#8892) * Adds a summary to the top of each plugin's page showing the capabilities that the plugin has. * Fixed sidebar sorting (they weren't quite alpabetical) * Improved instructions for using the Oracle plugin * Added note about using the pluggable database rather than the container database * Replaced admin/root usernames with super-user ones to encourage users to not use the root user in Vault * Included suggestions to rotate the root user's password when the plugin is capable * Improve documentation around rotating the root user's password * Fixed various typos
2020-05-01 21:05:05 +00:00
## Capabilities
🌷 Docs Website Maintenance (#8985) * website maintenance round * improve docs, revert bug workaround as it was fixed * boost memory * remove unnecessary code
2020-05-21 17:18:17 +00:00
docs: Update Database Capabilities to include username customization (#12172) * docs: Update Database Capabilities to include username customization * add operator/diagnose to the index file
2021-07-27 15:33:12 +00:00
| Plugin Name | Root Credential Rotation | Dynamic Roles | Static Roles | Username Customization |
| ------------------------- | ------------------------ | ------------- | ------------ | ---------------------- |
| `mongodb-database-plugin` | Yes | Yes | Yes | Yes (1.7+) |
Improve documentation around database plugins (#8892) * Adds a summary to the top of each plugin's page showing the capabilities that the plugin has. * Fixed sidebar sorting (they weren't quite alpabetical) * Improved instructions for using the Oracle plugin * Added note about using the pluggable database rather than the container database * Replaced admin/root usernames with super-user ones to encourage users to not use the root user in Vault * Included suggestions to rotate the root user's password when the plugin is capable * Improve documentation around rotating the root user's password * Fixed various typos
2020-05-01 21:05:05 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
## Setup
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
1. Enable the database secrets engine if it is not already enabled:
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```text
$ vault secrets enable database
Success! Enabled the database secrets engine at: database/
```
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
By default, the secrets engine will enable at the name of the engine. To
enable the secrets engine at a different path, use the `-path` argument.
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
1. Configure Vault with the proper plugin and connection information:
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```text
$ vault write database/config/my-mongodb-database \
plugin_name=mongodb-database-plugin \
allowed_roles="my-role" \
Add x509 Client Auth to MongoDB Database Plugin (#8329) * Mark deprecated plugins as deprecated * Add redaction capability to database plugins * Add x509 client auth * Update vendored files * Add integration test for x509 client auth * Remove redaction logic pending further discussion * Update vendored files * Minor updates from code review * Updated docs with x509 client auth * Roles are required * Disable x509 test because it doesn't work in CircleCI * Add timeouts for container lifetime
2020-02-13 22:54:00 +00:00
connection_url="mongodb://{{username}}:{{password}}@mongodb.acme.com:27017/admin?tls=true" \
Improve documentation around database plugins (#8892) * Adds a summary to the top of each plugin's page showing the capabilities that the plugin has. * Fixed sidebar sorting (they weren't quite alpabetical) * Improved instructions for using the Oracle plugin * Added note about using the pluggable database rather than the container database * Replaced admin/root usernames with super-user ones to encourage users to not use the root user in Vault * Included suggestions to rotate the root user's password when the plugin is capable * Improve documentation around rotating the root user's password * Fixed various typos
2020-05-01 21:05:05 +00:00
username="vaultuser" \
password="vaultpass!"
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
1. Configure a role that maps a name in Vault to a MongoDB command that executes and
creates the database credential:
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```text
$ vault write database/roles/my-role \
db_name=my-mongodb-database \
creation_statements='{ "db": "admin", "roles": [{ "role": "readWrite" }, {"role": "read", "db": "foo"}] }' \
default_ttl="1h" \
max_ttl="24h"
Success! Data written to: database/roles/my-role
```
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
## Usage
After the secrets engine is configured and a user/machine has a Vault token with
the proper permission, it can generate credentials.
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
1. Generate a new credential by reading from the `/creds` endpoint with the name
of the role:
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```text
$ vault read database/creds/my-role
Key Value
--- -----
lease_id database/creds/my-role/2f6a614c-4aa2-7b19-24b9-ad944a8d4de6
lease_duration 1h
lease_renewable true
DBPW - Update docs with password policies & new Database interface (#10138)
2020-10-19 21:58:09 +00:00
password LEm-lcDJ2k0Hi05FvizN
username v-vaultuser-my-role-ItceCZHlp0YGn90Puy9Z-1602542024
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
```
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Add x509 Client Auth to MongoDB Database Plugin (#8329) * Mark deprecated plugins as deprecated * Add redaction capability to database plugins * Add x509 client auth * Update vendored files * Add integration test for x509 client auth * Remove redaction logic pending further discussion * Update vendored files * Minor updates from code review * Updated docs with x509 client auth * Roles are required * Disable x509 test because it doesn't work in CircleCI * Add timeouts for container lifetime
2020-02-13 22:54:00 +00:00
## Client x509 Certificate Authentication
This plugin supports using MongoDB's [x509 Client-side Certificate Authentication](https://docs.mongodb.com/manual/core/security-x.509/)
To use this authentication mechanism, configure the plugin:
🌷 Docs Website Maintenance (#8985) * website maintenance round * improve docs, revert bug workaround as it was fixed * boost memory * remove unnecessary code
2020-05-21 17:18:17 +00:00
```shell-session
Add x509 Client Auth to MongoDB Database Plugin (#8329) * Mark deprecated plugins as deprecated * Add redaction capability to database plugins * Add x509 client auth * Update vendored files * Add integration test for x509 client auth * Remove redaction logic pending further discussion * Update vendored files * Minor updates from code review * Updated docs with x509 client auth * Roles are required * Disable x509 test because it doesn't work in CircleCI * Add timeouts for container lifetime
2020-02-13 22:54:00 +00:00
$ vault write database/config/my-mongodb-database \
plugin_name=mongodb-database-plugin \
allowed_roles="my-role" \
connection_url="mongodb://@mongodb.acme.com:27017/admin" \
tls_certificate_key=@/path/to/client.pem \
tls_ca=@/path/to/client.ca
```
Note: `tls_certificate_key` and `tls_ca` map to [`tlsCertificateKeyFile`](https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-tlscertificatekeyfile)
and [`tlsCAFile`](https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-tlscafile) configuration options
from MongoDB with the exception that the Vault parameters are the contents of those files, not filenames. As such,
the two options are independent of each other. See the [MongoDB Configuration Options](https://docs.mongodb.com/manual/reference/program/mongo/)
for more information.
Vault documentation: updated all references from Learn to Tutorial (#15514) * updated learn to tutorial * correct spelling
2022-05-20 01:04:46 +00:00
## Tutorial
[Docs] Add relevant Learn tutorial links (#11440) * Add cross-links to matching Learn tutorials * Undo automatic format update by Atom * Fix a typo * Fix a grammartical error
2021-04-22 17:09:31 +00:00
Refer to [Database Secrets Engine with
MongoDB](https://learn.hashicorp.com/tutorials/vault/database-mongodb) for a
step-by-step tutorial.
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
## API
The full list of configurable options can be seen in the [MongoDB database
Fix broken links referencing to API docs (#14565) * Fix all '/api/' to '/api-docs/' * Minor fixes * Undo some of the unintentional changes
2022-03-18 01:14:48 +00:00
plugin API](/api-docs/secret/databases/mongodb) page.
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs
2017-05-11 21:38:54 +00:00
Resolve the most painful merge conflict known on earth
2017-09-20 20:05:00 +00:00
For more information on the database secrets engine's HTTP API please see the
Fix broken links referencing to API docs (#14565) * Fix all '/api/' to '/api-docs/' * Minor fixes * Undo some of the unintentional changes
2022-03-18 01:14:48 +00:00
[Database secrets engine API](/api-docs/secret/databases) page.
Reference in a new issue Copy permalink