mongodb-security-admin
Master MongoDB security, authentication, authorization, encryption, and backup. Learn role-based access control, TLS/SSL, encryption, and disaster recovery. Use when securing deployments, managing users, or implementing compliance.
Install this agent skill to your Project
npx add-skill https://github.com/pluginagentmarketplace/custom-plugin-mongodb/tree/main/skills/mongodb-security
MongoDB Security & Administration
Master MongoDB security and operational practices.
Quick Start
Enable Authentication
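```bash
# Create admin user before enabling auth
mongod --dbpath /data --logpath /var/log/mongod.log

# Open a shell (the legacy mongo shell was removed in MongoDB 6.0; use mongosh there)
mongo
> use admin
> db.createUser({
    user: 'admin',
    pwd: 'securepassword',   // placeholder: use a strong, unique password
    roles: ['root']
  })

# Restart with auth enabled
mongod --auth --dbpath /data
```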
Authentication
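```javascript
// Connect with credentials (Node.js driver)
const { MongoClient } = require('mongodb');
const client = new MongoClient(
  'mongodb://admin:password@localhost:27017/?authSource=admin'
);

// Create application user (mongo shell).
// A bare role name applies to the database the command runs in.
db.createUser({
  user: 'appuser',
  pwd: 'apppassword',
  roles: ['readWrite']
})
```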
Authorization (RBAC)
```javascript
// Built-in roles
/*
Admin Roles:
- root: Full access
- dbAdmin: Database administration
- userAdmin: User management

Database Roles:
- read: Read-only access
- readWrite: Read and write

Cluster Roles:
- clusterAdmin: Full cluster access
- clusterManager: Cluster monitoring
- clusterMonitor: Read-only monitoring
*/

// Create user with specific role
db.createUser({
  user: 'analyst',
  pwd: 'password',
  roles: [{ role: 'read', db: 'analytics' }]
})

// Grant multiple roles
db.grantRolesToUser('analyst', [
  { role: 'read', db: 'db1' },
  { role: 'readWrite', db: 'db2' }
])
```
Custom Roles
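```javascript
// Create custom role.
// Run this in the admin database: a role defined in admin can carry
// privileges on other databases, and the grant below looks it up there.
db.createRole({
  role: 'reportViewer',
  privileges: [
    {
      resource: { db: 'analytics', collection: 'reports' },
      actions: ['find']
    }
  ],
  roles: []
})

// Assign custom role
db.grantRolesToUser('analyst', [
  { role: 'reportViewer', db: 'admin' }
])
```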
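A review of role grants against the least-privilege idea behind the roles above, as an added example that is not part of the original skill. The `reviewUsers` function, the reasons in `RISKY_ROLES` and the `SAMPLE_USERS` documents are constructed for illustration; the input shape follows the `users` array returned by `usersInfo`.

```javascript
// Added example: flag role grants broader than least privilege.
// RISKY_ROLES reasons and SAMPLE_USERS are constructed for illustration.
const RISKY_ROLES = new Map(Object.entries({
  root: 'superuser on every database',
  __system: 'internal role, not meant for people or applications',
  dbOwner: 'includes userAdmin, so the holder can grant itself more',
  userAdmin: 'can grant roles on its database, including to itself',
  userAdminAnyDatabase: 'can grant roles on any database',
  readWriteAnyDatabase: 'writes across all application databases',
  dbAdminAnyDatabase: 'administers all application databases',
  clusterAdmin: 'full cluster administration',
}));

// Constructed sample, loosely mirroring the accounts created on this page.
const SAMPLE_USERS = [
  { user: 'admin', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'newuser', db: 'admin', roles: [{ role: 'readWrite', db: 'admin' }] },
  { user: 'analyst', db: 'analytics', roles: [
    { role: 'read', db: 'analytics' }, { role: 'reportViewer', db: 'admin' }] },
  { user: 'etl', db: 'analytics', roles: [{ role: 'dbOwner', db: 'analytics' }] },
];

// approvedAdmins: "<db>.<user>" ids that are expected to hold broad roles.
function reviewUsers(users, approvedAdmins = []) {
  const findings = [];
  for (const u of users) {
    const id = `${u.db}.${u.user}`;
    if (approvedAdmins.includes(id)) continue;
    for (const r of u.roles || []) {
      if (RISKY_ROLES.has(r.role)) {
        findings.push({ id, role: r.role, on: r.db, reason: RISKY_ROLES.get(r.role) });
      } else if (r.db === 'admin' && (r.role === 'read' || r.role === 'readWrite')) {
        // A bare role name in createUser lands on the current database,
        // which is admin when the user was created there.
        findings.push({ id, role: r.role, on: r.db,
          reason: 'data role scoped to admin; name the application database' });
      }
    }
  }
  return findings;
}

console.log(reviewUsers(SAMPLE_USERS, ['admin.admin']));
```

In a live deployment the input would come from `db.getSiblingDB('admin').runCommand({ usersInfo: { forAllDBs: true } }).users`.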
Encryption
TLS/SSL Setup
```bash
# Generate self-signed certificate
openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes \
  -out server.crt -keyout server.key
cat server.crt server.key > server.pem

# Start MongoDB with TLS
mongod --tlsMode requireTLS \
  --tlsCertificateKeyFile /path/to/server.pem \
  --dbpath /data

# Connect with TLS
# --tlsCAFile tells the client which certificate to trust; a self-signed
# server certificate fails validation without it.
mongo --tls --tlsCertificateKeyFile /path/to/client.pem \
  --tlsCAFile /path/to/server.crt \
  mongodb://localhost:27017
```
Encryption at Rest
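```bash
# Enable encryption with WiredTiger (encrypted storage engine, MongoDB Enterprise)
# --enableEncryption turns encryption on; the other options configure it
mongod --enableEncryption \
  --encryptionCipherMode AES256-CBC \
  --encryptionKeyFile /path/to/keyfile.key \
  --dbpath /data
```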
Backup & Recovery
Backup Methods
```bash
# Backup with mongodump
mongodump --out /backup/$(date +%Y%m%d)

# Backup specific database
mongodump --db myapp --out /backup/myapp

# Backup with compression
mongodump --archive=backup.archive --gzip

# Restore
mongorestore /backup/
mongorestore --archive=backup.archive --gzip
```
Point-in-Time Recovery with Snapshots
```bash
# Snapshot strategy
# 1. Create filesystem snapshot on replica secondary
# 2. Stop mongod
# 3. Copy snapshot to backup
# 4. Restart mongod
# 5. Use oplog for point-in-time recovery

# Restore from snapshot
# 1. Restore filesystem snapshot
# 2. Start mongod (automatic recovery)
# 3. Verify data integrity
```
Audit Logging
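```javascript
// Enable audit logging (MongoDB Enterprise).
// On the command line the options are spelled --audit*; the dotted
// auditLog.destination / auditLog.format / auditLog.path names are the
// configuration-file settings.
// mongod --auditDestination file \
//   --auditFormat BSON \
//   --auditPath /var/log/mongodb/audit.log

// View audit log
db.adminCommand({
  getParameter: 1,
  auditLog: 1
})

// Configure audit filters
// --auditFilter '{ atype: "authenticate" }'
```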
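Detection logic over the `authenticate` events that the filter above selects, as an added example that is not part of the original skill. It assumes the audit log is available as JSON, one event per line (a BSON log can be converted with `bsondump` first); `failedLoginsByIp`, the threshold and `SAMPLE_AUDIT` are constructed for illustration.

```javascript
// Added example: summarise failed logins per client address.
// Helper that builds one constructed audit event as a JSON line.
const ev = (time, ip, user, result) => JSON.stringify({
  atype: 'authenticate', ts: { $date: `2024-05-01T10:${time}.000Z` },
  remote: { ip, port: 50000 },
  param: { user, db: 'admin', mechanism: 'SCRAM-SHA-256' },
  result, // 0 = success, 18 = AuthenticationFailed
});

const SAMPLE_AUDIT = [
  ev('00:01', '203.0.113.7', 'admin', 18),
  ev('00:02', '203.0.113.7', 'root', 18),
  ev('00:03', '203.0.113.7', 'appuser', 18),
  ev('00:09', '198.51.100.4', 'appuser', 0),
  ev('00:12', '198.51.100.4', 'analyst', 18),
  '{"atype":"authenticate","ts":', // truncated line, must not stop the run
  ev('00:15', '203.0.113.7', 'admin', 0),
].join('\n');

function failedLoginsByIp(text, threshold = 3) {
  const byIp = new Map();
  let skipped = 0;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    let e;
    try { e = JSON.parse(line); } catch { skipped++; continue; }
    if (e.atype !== 'authenticate' || !e.remote) continue;
    const s = byIp.get(e.remote.ip) ||
      { ip: e.remote.ip, failures: 0, users: new Set(), successAfterFailure: false };
    if (e.result === 0) {
      // A success that follows failures from the same address deserves a look.
      if (s.failures > 0) s.successAfterFailure = true;
    } else {
      s.failures++;
      s.users.add(e.param && e.param.user);
    }
    byIp.set(e.remote.ip, s);
  }
  const flagged = [...byIp.values()]
    .filter((s) => s.failures >= threshold)
    .map((s) => ({ ...s, users: [...s.users].sort() }));
  return { flagged, skipped };
}

console.log(JSON.stringify(failedLoginsByIp(SAMPLE_AUDIT), null, 2));
```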
User Management
```javascript
// List users
db.getUsers()

// Modify user password
db.changeUserPassword('username', 'newpassword')

// Remove user (db.removeUser() is the deprecated older name)
db.dropUser('username')

// Check current user
db.runCommand({ connectionStatus: 1 })
```
Python Examples
```python
from pymongo import MongoClient

# Connect with authentication
client = MongoClient(
    'mongodb://user:password@localhost:27017/?authSource=admin'
)

# Create user
# A bare role name applies to the database the command runs in (admin here)
db = client['admin']
db.command('createUser', 'newuser',
    pwd='password',
    roles=['readWrite']
)

# Check permissions
db.command('usersInfo', 'newuser')
```
Security Checklist
✅ Enable authentication in production
✅ Use strong, unique passwords
✅ Implement role-based access control
✅ Enable TLS/SSL for connections
✅ Enable encryption at rest
✅ Implement audit logging
✅ Regular backup testing
✅ Network isolation (firewall)
✅ IP whitelisting
✅ Principle of least privilege
✅ Monitor access logs
✅ Keep MongoDB updated