Navigation
This version of the documentation is archived and no longer supported.

Generate a Key File

This section describes how to generate a key file to store authentication information. After generating a key file, specify the key file using the keyFile option when starting a mongod or mongos instance.

A key’s length must be between 6 and 1024 characters and may only contain characters in the base64 set. The key file must not have group or world permissions on UNIX systems. Key file permissions are not checked on Windows systems.

Generate a Key File

Use the following openssl command at the system shell to generate pseudo-random content for a key file:

openssl rand -base64 741

Note

Key file permissions are not checked on Windows systems.

Key File Properties

Be aware that MongoDB strips whitespace characters (e.g. x0d, x09, and x20) for cross-platform convenience. As a result, the following operations produce identical keys:

echo -e "my secret key" > key1
echo -e "my secret key\n" > key2
echo -e "my    secret    key" > key3
echo -e "my\r\nsecret\r\nkey\r\n" > key4