
MongoDB Notes


Generating a Keyfile for MongoDB


For Internal Authentication

 

To generate a keyfile for internal authentication among MongoDB shards or replica sets, run this OpenSSL command (on Linux):

 

openssl rand -base64 755 > mk

 

After creating the file, change the permissions to read by owner only with this command:

 

sudo chmod 400 mk

 

For At-Rest Encryption

 

To generate a keyfile for local key management when using at-rest encryption of the database, run this OpenSSL command (on Linux):

 

openssl rand -base64 32 > mke

 

Then change the permissions to read/write by owner only:

 

chmod 600 mke

 

Issues

 

If the keyfile is in a directory shared between the Linux virtual machine and Windows 10, the chmod command does not work. The solution is to move the keyfile to a directory in Linux that is not shared and then set the permissions.
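
The two generation procedures and the shared-directory issue above can be combined into one script that confirms the permissions actually applied. This is an added example, not part of the original notes; the function names (keyfile_mode, key_bytes, check_keyfile, make_keyfile) are hypothetical, and it assumes Linux with GNU stat.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes Linux (GNU stat).

# Print a file's permission bits in octal, e.g. 400.
keyfile_mode() {
    stat -c '%a' "$1"
}

# Print how many raw bytes the base64 keyfile decodes to.
key_bytes() {
    openssl base64 -d -in "$1" | wc -c | tr -d ' '
}

# check_keyfile MODE FILE: fail unless FILE is non-empty with exactly MODE.
check_keyfile() {
    want=$1 file=$2
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    got=$(keyfile_mode "$file") || return 1
    if [ "$got" != "$want" ]; then
        echo "$file: mode is $got, expected $want (shared folder?)" >&2
        return 1
    fi
}

# make_keyfile BYTES MODE FILE: generate, restrict, then verify.
make_keyfile() {
    bytes=$1 mode=$2 file=$3
    # Never overwrite an existing key that cluster members may depend on.
    [ -e "$file" ] && { echo "$file: already exists" >&2; return 1; }
    # umask 077 keeps the file owner-only from the moment it is created.
    ( umask 077; openssl rand -base64 "$bytes" > "$file" ) || return 1
    chmod "$mode" "$file" || return 1
    # chmod does not work on a VM shared folder (see Issues), so confirm.
    check_keyfile "$mode" "$file"
}

# Usage, with the sizes and modes from the notes above:
#   make_keyfile 755 400 mk     # internal authentication
#   make_keyfile 32  600 mke    # at-rest encryption (key_bytes mke -> 32)
```

If check_keyfile reports a mode other than the one requested, move the keyfile to a directory that is not shared and run the check again.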