MongoDB Auth Key File Configuration in a Replica Set
Authentication key file in MongoDB really useful to secure the database in a Replica set, there are two major things,
1. Security between members of the replica set using Internal Authentication,
2. Security between connecting clients and the replica set using User Access Controls.
Require downtime to enforcing access control on an existing replica set,
Create a keyfile:
Create a --keyfile in MongoDB router server,
Use openssl command to generate a complex pseudo-random 1024 character string to use for a keyfile.
openssl rand -base64 741 > Destination file location
# openssl rand -base64 741 > /var/lib/mongo-keyfile
uses chmod to change file permissions to provide read permissions couldn't use unknown users
# chmod 400 mongodb-keyfile
Next, Copy the keyfile to each replica set.
To Enable authentication for each member of all the config servers, shared cluster or Replica Set specify the keyfile in configuration file. Use a consistent location for each server.
Shutdown all the mongo machines are mongos shared cluster and config servers, on the admin database:
> use admin
Start the mongod using the configuration file:
# mongod --config /var/lib/mongo-keyfile
For replica Set use the below command,
# mongod --keyFile /var/lib/mongo-keyfile --replSet <replicaSetName>