All databases must be secure to prevent unauthorized access to your data. For Atlas users, it is very easy to set up security for your database since most of it is automated by Atlas and all you have to do is follow a setup wizard, it gets tricky when you are hosting your own instance of mongo using the power of docker so I'm going to walk you through the steps needed to host a secure MongoDB docker container.
NB: This guide assumes you have some docker knowledge and you have docker setup in your work environment.
So first things first we need to have the MongoDB docker container up and running, this can be done with the command
docker run -d --name some-mongo \
-e MONGO_INITDB_ROOT_USERNAME=mongoadmin \
-e MONGO_INITDB_ROOT_PASSWORD=secret \
mongo
If you look closely here we are creating an instance of the mongo image (container) with the environment variables MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD Setting these two variables will create a database user, The user will be created in the auth authentication database and is given the role of root which is a super user in MongoDB. Now that the MongoDB image is running with the name some-mongo we need to login into the mongo shell and create users for our databases. Run the command below to run bash on the mongo container.
docker container exec -it some-mongo bash
Now the running terminal is bash now we need to run mongo and connect to our secure local database using the command below.
mongo mongodb://mongoadmin:secret@localhost:27017
If everything runs correctly you should be able to see a terminal almost similar to one below depending on your system.
Now we are running DB commands as root user we can create database users for ours databases.
To create a user for the database customers you run the following commands
use customers
db.createUser({
user: "web-app",
pwd: "eureka",
roles: [{role: "readWrite", db: "customers"}]
})
After running the above commands the database customers will now be a secure DB with user web-app. The database will now be accessible with the connection string mongodb://web-app:eureka@<host>:<port> . You can now use this connection string in your server configs or even in MongoDB Compass to browse the data.
Yay now you have a secure database on your docker container 🙌👏🙌👏
Top comments (2)
This is adding security to a docker thingy. This is not about adding security to a database. Most databases don't need 'adding security'. Just don't create a superuser is sufficient.
A docker thingy which is your mongodb docker container