DEV Community

Cover image for How to add security to your MongoDB Docker Container
Blessed T Mahuni
Blessed T Mahuni

Posted on

How to add security to your MongoDB Docker Container

All databases must be secure to prevent unauthorized access to your data. For Atlas users, it is very easy to set up security for your database since most of it is automated by Atlas and all you have to do is follow a setup wizard, it gets tricky when you are hosting your own instance of mongo using the power of docker so I'm going to walk you through the steps needed to host a secure MongoDB docker container.

NB: This guide assumes you have some docker knowledge and you have docker setup in your work environment.

So first things first we need to have the MongoDB docker container up and running, this can be done with the command

docker run -d --name some-mongo \
    -e MONGO_INITDB_ROOT_USERNAME=mongoadmin \
    -e MONGO_INITDB_ROOT_PASSWORD=secret \
    mongo
Enter fullscreen mode Exit fullscreen mode

If you look closely here we are creating an instance of the mongo image (container) with the environment variables MONGO_INITDB_ROOT_USERNAME, MONGO_INITDB_ROOT_PASSWORD Setting these two variables will create a database user, The user will be created in the auth authentication database and is given the role of root which is a super user in MongoDB. Now that the MongoDB image is running with the name some-mongo we need to login into the mongo shell and create users for our databases. Run the command below to run bash on the mongo container.

docker container exec -it some-mongo bash
Enter fullscreen mode Exit fullscreen mode

Now the running terminal is bash now we need to run mongo and connect to our secure local database using the command below.

mongo mongodb://mongoadmin:secret@localhost:27017
Enter fullscreen mode Exit fullscreen mode

If everything runs correctly you should be able to see a terminal almost similar to one below depending on your system.

Mongo Terminal

Now we are running DB commands as root user we can create database users for ours databases.

To create a user for the database customers you run the following commands

use customers
db.createUser({
    user: "web-app",
    pwd: "eureka",
    roles: [{role: "readWrite", db: "customers"}]
})
Enter fullscreen mode Exit fullscreen mode

After running the above commands the database customers will now be a secure DB with user web-app. The database will now be accessible with the connection string mongodb://web-app:eureka@<host>:<port> . You can now use this connection string in your server configs or even in MongoDB Compass to browse the data.

Yay now you have a secure database on your docker container 🙌👏🙌👏

Top comments (2)

Collapse
 
jhelberg profile image
Joost Helberg

This is adding security to a docker thingy. This is not about adding security to a database. Most databases don't need 'adding security'. Just don't create a superuser is sufficient.

Collapse
 
blessedtawanda profile image
Blessed T Mahuni

A docker thingy which is your mongodb docker container