Security

MongoDB provides various features, such as authentication, access control, encryption, to secure your MongoDB deployments. Some key security features include:

Authentication	Authorization	TLS/SSL	Enterprise Only
Authentication SCRAM-SHA-1 x.509	Role-Based Access Control Enable Auth Manage Users and Roles	Transport Encryption Configure mongod and mongos for TLS/SSL TLS/SSL Configuration for Clients	Kerberos Authentication LDAP Proxy Authentication Encryption at Rest Auditing

Security Checklist

MongoDB also provides the Security Checklist for a list of recommended actions to protect a MongoDB deployment.

• Security Checklist
• Authentication
  • Users
    • Add Users
  • Authentication Mechanisms
    • SCRAM-SHA-1
    • MONGODB-CR
    • x.509
      • Use x.509 Certificates to Authenticate Clients
  • Enterprise Authentication Mechanisms
    • Kerberos Authentication
      • Configure MongoDB with Kerberos Authentication on Linux
      • Configure MongoDB with Kerberos Authentication on Windows
      • Troubleshoot Kerberos Authentication
      • Configure MongoDB with Kerberos Authentication and Active Directory Authorization
    • LDAP Proxy Authentication
      • Authenticate Using SASL and LDAP with ActiveDirectory
      • Authenticate Using SASL and LDAP with OpenLDAP
      • Authenticate and Authorize Users Using Active Directory via Native LDAP
    • LDAP Authorization
  • Internal Authentication
    • Enforce Keyfile Access Control in a Replica Set
    • Enforce Keyfile Access Control in a Replica Set without Downtime
    • Deploy Replica Set With Keyfile Access Control
    • Enforce Keyfile Access Control in Sharded Cluster
    • Enforce Authentication in an Existing Sharded Cluster Without Downtime
    • Deploy Sharded Cluster with Keyfile Access Control
    • Use x.509 Certificate for Membership Authentication
    • Upgrade from Keyfile Authentication to x.509 Authentication
• Enable Auth
  • Manage Users and Roles
  • Change Your Password and Custom Data
• Role-Based Access Control
  • Built-In Roles
  • User-Defined Roles
  • Collection-Level Access Control
• Encryption
  • Transport Encryption
    • Configure mongod and mongos for TLS/SSL
    • TLS/SSL Configuration for Clients
    • Upgrade a Cluster to Use TLS/SSL
    • Configure MongoDB for FIPS
  • Encryption at Rest
    • Configure Encryption
    • Rotate Encryption Keys
• Auditing
  • Configure Auditing
  • Configure Audit Filters
• Security Hardening
  • MongoDB Configuration Hardening
  • Hardening Network Infrastructure
    • Configure Linux iptables Firewall for MongoDB
    • Configure Windows netsh Firewall for MongoDB
• Implement Field Level Redaction
• Security Reference
  • Built-In Roles
  • system.roles Collection
  • system.users Collection
  • Resource Document
  • Privilege Actions
  • System Event Audit Messages
• Create a Vulnerability Report

Additional Resources

• Making HIPAA Compliant MongoDB Applications
• Security Architecture White Paper
• Webinar: Securing Your MongoDB Deployment

←   FAQ: MongoDB Storage Security Checklist  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.