How to manage passwords
By default, Charmed MongoDB 8 automatically generates passwords for the following internal users: operator, monitor, backup, logrotate.
You can use Juju secrets to manage passwords for these users.
See also: Juju | How to manage secrets
Create a password
Create a Juju secret containing one or more user passwords:
juju add-secret <secret-name> <username-1>=<password-1> <username-2>=<password-2>
Valid usernames: operator, monitor, backup, logrotate.
Internal users that are not included in the secret will keep the automatically-generated password.
The command above will output a secret URI similar to the example below, which you’ll need shortly:
secret:ctbirhuutr9sr8mgrmpg
Grant the secret to your replica set, or to your config server if you are using a sharded deployment:
juju grant-secret <secret-name> <application-name>
Configure system-users
Set the system-users configuration option in your replica set or config-server, to the secret’s URI obtained in the previous step:
Make sure to include the secret: prefix.
Warning: Do not set this configuration option for applications using the shard role.
juju config <application-name> system-users=secret:ctbirhuutr9sr8mgrmpg
When the system-users configuration option is set, the charm will:
- Use the content of the secret specified by the
system-usersconfig option instead of the one automatically generated. - Update the passwords of the internal
system-usersin the database.
Update passwords
To update passwords, update the value of the secret:
juju update-secret <secret-name> <username-1>=<new-password-1> <username-3>=<password-3>
In this example,
username-1’s password was updated frompassword-1tonew-password-1username-3’s password was updated from an auto-generated password topassword-3username-2’s password remains as it was when the secret was added, butusername-2is no longer part of the secret.