luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/secret/databases/mongodbatlas.mdx
Ashlee M Boyer f3df55ad58
docs: Migrate link formats (#18696) 
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 16:12:15 -08:00

110 lines
4.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: 'api'
page_title: 'MongoDB Atlas - Database - Secrets Engines - HTTP API'
description: |-
The MongoDB Atlas plugin for Vault's Database Secrets Engine generates MongoDB Database User credentials for MongoDB Atlas.
---
# MongoDB Atlas Database Plugin HTTP API
The MongoDB Atlas plugin is one of the supported plugins for the Database
Secrets Engine. This plugin generates MongoDB Atlas Database User credentials dynamically based on
configured roles.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/vault/api-docs/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
| :----- | :----------------------- |
| `POST` | `/database/config/:name` |
### Parameters
- `public_key` `(string: <required>)` The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.
- `private_key` `(string: <required>)` - The Private Programmatic API Key used to connect with MongoDB Atlas API.
- `project_id` `(string: <required>)` - The [Project ID](https://docs.atlas.mongodb.com/api/#project-id) the Database User should be created within.
- `username_template` `(string)` - [Template](/vault/docs/concepts/username-templating) describing how
dynamic usernames are generated.
### Sample Payload
```json
{
"plugin_name": "mongodbatlas-database-plugin",
"allowed_roles": "readonly",
"public_key": "aPublicKey",
"private_key": "aPrivateKey",
"project_id": "aProjectID"
}
```
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/database/config/mongodbatlas
```
## Statements
Statements are configured during Vault role creation and are used by the plugin to
determine what is sent to MongoDB Atlas upon user creation, renewal, and
revocation. For more information on configuring roles see the [Role API](/vault/api-docs/secret/databases#create-role)
in the Database Secrets Engine docs.
### Parameters
The following are the statements used by this plugin. If not mentioned in this
list the plugin does not support that statement type.
- `creation_statements` `(string: <required>)` Specifies the database
statements executed to create and configure a user. Must be a
serialized JSON object, or a base64-encoded serialized JSON object.
The object can optionally contain a `database_name`, the name of
the authentication database to log into MongoDB. In Atlas deployments of
MongoDB, the authentication database is always the admin database. The object
must also contain a `roles` array, and from Vault version 1.6.0 (plugin
version 0.2.0) may optionally contain a `scopes` array. The `roles` array
contains objects that hold a series of roles `roleName`, an optional
`databaseName` and `collectionName` value. The `scopes` array determines
which clusters and data lakes the user has access to, and defaults to all
scopes if omitted. For more information regarding the `roles` and `scopes`
fields, refer to [MongoDB Atlas documentation](https://docs.atlas.mongodb.com/reference/api/database-users-create-a-user/).
- `default_ttl` `(string/int): 0` - Specifies the TTL for the leases associated with this role.
Accepts time suffixed strings (`1h`) or an integer number of seconds. Defaults to system/engine default TTL time.
- `max_ttl` `(string/int): 0` - Specifies the maximum TTL for the leases associated with this role. Accepts time
suffixed strings (`1h`) or an integer number of seconds. Defaults to `sys/mounts` default TTL time; this value
is allowed to be less than the mount max TTL (or, if not set, the system max TTL),
but it is not allowed to be longer. See also [The TTL General Case](/vault/docs/concepts/tokens#the-general-case).
### Sample Creation Statement
```json
{
"database_name": "admin",
"roles": [
{
"databaseName": "admin",
"roleName": "atlasAdmin"
},
{
"collectionName": "acollection",
"roleName": "read"
}
],
"scopes": [
{
"name": "a-cluster",
"type": "CLUSTER"
}
]
}
```
Reference in a new issue View git blame Copy permalink