The Infisical Mongo DB dynamic secret allows you to generate Mongo DB Database credentials on demand based on configured role.

If your using Mongo Atlas, please use Atlas Dynamic Secret as MongoDB commands are not supported by atlas.

Prerequisite

Create a user with the required permission in your MongoDB instance. This user will be used to create new accounts on-demand.

Set up Dynamic Secrets with Mongo DB

1

Open Secret Overview Dashboard

Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.

2

Click on the 'Add Dynamic Secret' button

3

Select Mongo DB

4

Provide the inputs for dynamic secret parameters

Secret Name
string
required

Name by which you want the secret to be referenced

Default TTL
string
required

Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)

Max TTL
string
required

Maximum time-to-live for a generated secret

Host
string
required

Database host URL.

Port
number

Database port number. If your Mongo DB is cluster you can omit this.

User
string
required

Username of the admin user that will be used to create dynamic secrets

Password
string
required

Password of the admin user that will be used to create dynamic secrets

Database Name
string
required

Name of the database for which you want to create dynamic secrets

Roles
list
required

Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.

  • Enum: atlasAdmin backup clusterMonitor dbAdmin dbAdminAnyDatabase enableSharding read readAnyDatabase readWrite readWriteAnyDatabase <a custom role name>.
CA(SSL)
string

A CA may be required if your DB requires it for incoming connections.

5

Click `Submit`

After submitting the form, you will see a dynamic secret created in the dashboard.

If this step fails, you may have to add the CA certificate.

6

Generate dynamic secrets

Once you’ve successfully configured the dynamic secret, you’re ready to generate on-demand credentials. To do this, simply click on the ‘Generate’ button which appears when hovering over the dynamic secret item. Alternatively, you can initiate the creation of a new lease by selecting ‘New Lease’ from the dynamic secret lease list section.

When generating these secrets, it’s important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.

Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.

Once you click the Submit button, a new secret lease will be generated and the credentials from it will be shown to you.

Audit or Revoke Leases

Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. This will allow you see the expiration time of the lease or delete a lease before it’s set time to live.

Renew Leases

To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the Renew as illustrated below.

Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret