Charmed MongoDB

Channel Revision Published Runs on
6/stable 164 26 Mar 2024
Ubuntu 22.04
6/candidate 164 26 Mar 2024
Ubuntu 22.04
6/beta 164 26 Mar 2024
Ubuntu 22.04
6/edge 173 27 May 2024
Ubuntu 22.04
5/stable 117 20 Apr 2023
Ubuntu 22.04
5/candidate 117 20 Apr 2023
Ubuntu 22.04
5/edge 139 21 Nov 2023
Ubuntu 22.04 Ubuntu 20.04
5/edge 109 06 Mar 2023
Ubuntu 22.04 Ubuntu 20.04
3.6/stable 100 28 Apr 2023
Ubuntu 20.04 Ubuntu 18.04
3.6/candidate 100 13 Apr 2023
Ubuntu 20.04 Ubuntu 18.04
3.6/edge 100 03 Feb 2023
Ubuntu 20.04 Ubuntu 18.04
juju deploy mongodb --channel 6/stable
Show information


22.04 20.04 18.04

Charmed MongoDB Tutorials > Deploy a sharded cluster > 7. Enable security

Enable security in your MongoDB deployment

Transport Layer Security (TLS) is a protocol used to encrypt data exchanged between two applications. Essentially, it secures data transmitted over a network.

Typically, enabling TLS internally within a highly available database or between a highly available database and client/server applications, requires domain-specific knowledge and a high level of expertise. This has all been encoded into Charmed MongoDB. This means (re-)configuring TLS on Charmed MongoDB is readily available and requires minimal effort on your end.

TLS is enabled by relating Charmed MongoDB to the Self Signed Certificates Charm. This charm centralises TLS certificate management consistently and handles operations like providing, requesting, and renewing TLS certificates.

In this part of the tutorial, you will learn how to enable security in your MongoDB deployment using TLS encryption.

Disclaimer: In this tutorial, we use self-signed certificates provided by the self-signed-certificates-operator.

This is not recommended for a production environment.

For production environments, check the collection of Charmhub operators that implement the tls-certificate interface, and choose the most suitable for your use-case.

To enable encryption via TLS in a sharded cluster, we will first set up the self-signed-certificates certificate provider.

Deploy the self-signed-certificates charm as follows:

juju deploy self-signed-certificates --config ca-common-name="Tutorial CA"

Wait until the self-signed-certificates app is active with juju status --watch 1s.

Then, integrate the certificates provider with all cluster components:

juju integrate config-server self-signed-certificates
juju integrate shard0 self-signed-certificates
juju integrate shard1 self-signed-certificates

Your replica set now has encryption enabled via TLS.

Next step: 8. Clean up the environment

Help improve this document in the forum (guidelines). Last updated 3 months ago.