This document says to put the database password in the connection string. I would like to connect with a certificate because I think it is a better security model than connecting with a plain text password. I tried to use the Linux method of using two ` marks to interpret the cat command to call the secret inside the key file and it did not connect. I ran netstat twice after restarting the service and saw a time wait followed by a dropped connection. Is there a method to use a key file, or is this route not workable? If you can’t use a key file, will it accept a salted hash for a connection string?
That is exactly what I am referring to, and I understand the technical reasons why the feature request is denied. My follow-up is this: if you cannot use a key to authenticate, can you encrypt your password as a salted hash, or is this also not technically possible? Thank you.
Your question is on point. I started researching this also because of upcoming projects I have. Since our MongoDB, which holds only the metadata, is on the same server, we didn’t have a need for it, and it is made more secure by configuring MongoDB with roles such as this example.
When creating a user/password for the Graylog connection to MongoDB, we gave that user a role for this connection, and since it’s within the GL server, meaning it’s not connecting outside the server, we just ensured the user name and password were very unique. Example:
But nevertheless, these are good ideas/questions, knowing that with larger environments it may not be possible to have MongoDB/Graylog on the same node.
Perhaps posting here for a feature request would be ideal.