Show/Hide Toolbars

MongoDB Notes

Navigation: Other Tools > OpenSSL

Generating a Keyfile for MongoDB

Scroll Prev Top Next More


For Internal Authentication


To generate a keyfile for use in internal authentication among MongoDB shards or replica sets, perform this command in OpenSSL (in Linux).


openssl rand -base64 755 > mk


After creating the file, change the permissions to read by owner only with this command:


sudo chmod 400 mk


For At-Rest Encryption


To generate a keyfile for local key management when using at-rest encryption of the database, perform this command in OpenSSL (in Linux)


openssl rand -base64 32 > mke


Then change the permissions to read/write by owner only:


chmod 600 mke




If the keyfile is in a directory shared between the Linux virtual machine and Windows 10, the chmod command does not work.  The solution is to move the keyfile to a directory in Linux that is not shared and then set the permissions.