Encrypt User Credentials
On this page
For configuration settings that store credentials, you can either store
the credentials in plain text or use the Ops Manager credentialstool
to encrypt the credentials. If you choose to store credentials in plain
text, reduce the permissions on the conf-mms.properties
file on each server.
Note
Protect Plain Text Passwords
If you choose to store credentials in plain text, reduce the permissions on the conf-mms.properties file on each server.
sudo chmod 600 <install_dir>/conf/conf-mms.properties
Important
When installed with rpm
or deb
packages on Linux systems,
the credentialstool
tool requires root (sudo
) privileges,
because it reads the /etc/mongodb-mms/gen.key
file. Ops Manager
uses the gen.key
to encrypt sensitive data in the database and
configuration files.
Use the credentialstool
to generate encrypted credentials for the MongoDB deployments:
Add the encrypted credentials to the conf-mms.properties
file.
Enter the encrypted credential pair in the
mongo.mongoUri
settings where needed.Add the
mongo.encryptedCredentials
setting and set it totrue
.Example
mongo.mongoUri=mongodb://da83ex3s:a4fbcf3a1@mydb1.example.net:40000/admin mongo.encryptedCredentials=true Important
The
conf-mms.properties
file can contain multiplemongo.mongoUri
settings. Ifmongo.encryptedCredentials
istrue
, you must encrypt all user credentials found in the variousmongo.mongoUri
settings.