MongoDB Atlas is one of the supported plugins for the HashiCorp Vault Database Secrets Engine and allows for the programmatic generation of unique, ephemeral MongoDB Database User credentials in MongoDB Atlas Projects.
The plugin is included from version 1.4 of Vault.
Please note: If you would like to install a different version of this plugin than the one that is bundled with Vault, versions v0.2.0 onwards of this plugin are incompatible with Vault versions before 1.6.0 due to an update of the database plugin interface.
Support for the HashiCorp Vault Database Secrets Engine - MongoDB Atlas is provided under MongoDB Atlas support plans. Please submit support questions within the Atlas UI. Vault support is via HashiCorp.
Bugs should be filed under the Issues section of this repo.
Feature requests can be submitted in the Issues section or directly to MongoDB - just select the Vault plugin as the category or vote for an already suggested feature.
- Database Secrets Engine for MongoDB Atlas - Docs
- Database Secrets Engine for MongoDB Atlas - API Docs
- MongoDB Atlas Website
- Vault Website
Please note: HashiCorp takes Vault's security and their users' trust very seriously, as does MongoDB.
If you believe you have found a security issue in Vault or with this plugin, please responsibly disclose by contacting HashiCorp at [email protected] and contact MongoDB directly via [email protected] or open a ticket.
In order to perform acceptance testing, you need to provide all of the necessary information to connect to a MongoDB Atlas Project. All `ATLAS_*` environment variables must be provided in order for the acceptance tests to run properly. A cluster must be available during the test. A free tier cluster can be provisioned manually to test.
| Environment variable | Description |
|---|---|
| `ATLAS_PUBLIC_KEY` | The Atlas API public key |
| `ATLAS_PRIVATE_KEY` | The Atlas API private key |
| `ATLAS_PROJECT_ID` | The desired project ID or group ID |
| `ATLAS_CLUSTER_NAME` | The desired cluster's name, e.g., vault-project.xyz.mongodb.net |
| `ATLAS_ALLOWLIST_IP` | The public IP of the machine on which the test is being performed |
Then you can run `make testacc` to execute the tests.
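A preflight check for the variables in the table above, as an added example that is not part of the plugin repository. `check_atlas_env` is a hypothetical helper: it reports problems by variable name only, so the private key never reaches terminal scrollback or CI logs, and it rejects an allowlist value that would admit every address.

```shell
#!/bin/sh
# Added example: validate the acceptance-test environment before running
# `make testacc`. check_atlas_env is a hypothetical helper name.

# The variables the table lists as required.
ATLAS_REQUIRED_VARS="ATLAS_PUBLIC_KEY ATLAS_PRIVATE_KEY ATLAS_PROJECT_ID ATLAS_CLUSTER_NAME ATLAS_ALLOWLIST_IP"

# Returns 0 when the environment is usable, 1 otherwise.
# Diagnostics go to stderr and contain variable names, never values.
check_atlas_env() {
    status=0
    for name in $ATLAS_REQUIRED_VARS; do
        # Names come from the fixed list above, so eval sees no user input.
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            status=1
        fi
    done
    unset value

    # The allowlist entry should be the test machine's public IP.
    # A /0 prefix or the all-zero address would match every source address.
    case "${ATLAS_ALLOWLIST_IP:-}" in
        0.0.0.0*|::/0|*/0)
            echo "refusing: ATLAS_ALLOWLIST_IP would allow every address" >&2
            status=1
            ;;
    esac
    return "$status"
}

# Typical use: check_atlas_env && make testacc
```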
All pull requests that introduce a user-facing change must include a changelog entry. We use the changie tool to manage these entries and automate the release process.
You only need to do this once. If you don't have `changie` installed, choose one of the options below.
- Homebrew (macOS): `brew install changie`
- Go Install: `go install github.com/miniscruff/changie@latest`
- Other Methods: See the official changie installation guide for other options, including pre-compiled binaries.
Once your code changes are complete, create the changelog entry:
- Run the command in your terminal: `changie new`
- Follow the prompts. An interactive prompt will ask you to select the kind of change (e.g., `BREAKING CHANGES`, `NOTES`, `FEATURES`) and write a concise description of what you changed.
- Commit the new file. After you're done, `changie` will create a new YAML file in the `.changie/unreleased` directory. Commit this file along with your other code changes before submitting your pull request.