Getting Started

This integration allows you to generate temporary, time-expiring credentials for your MongoDB database. These credentials are restricted via an access level, specified by a MongoDB role that you supply. There can be multiple access levels (and hence roles) associated with a single MongoDB database connection.

Setup

Create a MongoDB connection

To get started, head to the Connections page and click on the MongoDB tile.

Click on the MongoDB tile to get started


Opal requires an administrator account to manage your MongoDB database.

Step 1 - Create the MongoDB connection

Enter the hostname and port for your MongoDB database in the Hostname and Port fields of the connection creation form. The hostname must not include an http or https prefix.

In order for Opal to provision temporary credentials for your MongoDB database, we'll need an administrator account with full access to your database. These administrator account credentials must be input into the Username and Password fields of the connection creation form.

You can also upload TLS certificates if needed.

Step 2 - Create a MongoDB resource and policy that specifies what the user will gain access to on your MongoDB database

After the MongoDB database connection is successfully created, navigate to the Resources page and click the '+' in the top right corner. Then click Create resource.

Create a new resource for your MongoDB database connection.


In the Connection Name field, select the MongoDB connection you just created. Step through the wizard to fill out the rest of the information.

Now, in the page for the resource that was just created, navigate to the Access Levels tab. Click on Create access level.

Policy editor for a MongoDB resource.


Fill out all the fields, adding a policy that specifies a user-defined MongoDB database role.

For example, inputting

{ "db": "admin", "roles": [{ "role": "readWrite" }, {"role": "read", "db": "foo"}] }

permits read/write to the admin database and read to the foo database. Users that start a session with this access level will gain temporary credentials with the level of access defined in this role.
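
An added example, not part of Opal's documentation or code: a pre-save check that resolves which (database, role) pairs a policy like the one above grants and flags the ones worth a second look. It assumes role entries without a "db" key inherit the top-level "db", as the example above describes; the function names and the set of roles treated as broad are assumptions of this example.

```python
import json

# Built-in MongoDB roles that reach beyond one database or can grant privileges.
# Which roles count as "too broad" is a review choice assumed for this example.
BROAD_ROLES = {
    "root", "readAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase",
    "userAdminAnyDatabase", "clusterAdmin", "dbOwner", "userAdmin",
}


def resolve_grants(policy_text):
    """Return a sorted list of (database, role) pairs the policy grants."""
    policy = json.loads(policy_text)
    default_db = policy.get("db")
    roles = policy.get("roles")
    if not isinstance(roles, list) or not roles:
        raise ValueError("policy needs a non-empty 'roles' list")
    grants = set()
    for entry in roles:
        if not isinstance(entry, dict) or not isinstance(entry.get("role"), str):
            raise ValueError(f"malformed role entry: {entry!r}")
        # An entry without its own "db" falls back to the top-level "db".
        db = entry.get("db", default_db)
        if not isinstance(db, str) or not db:
            raise ValueError(f"no database for role {entry['role']!r}")
        grants.add((db, entry["role"]))
    return sorted(grants)


def review(policy_text):
    """Return findings for grants a reviewer should question before saving."""
    findings = []
    for db, role in resolve_grants(policy_text):
        if role in BROAD_ROLES:
            findings.append(f"{role}@{db}: broad built-in role")
        elif db == "admin" and role != "read":
            findings.append(f"{role}@{db}: role other than read on the admin database")
    return findings


# The policy from the page, plus a constructed policy with a broad role.
PAGE_POLICY = '{ "db": "admin", "roles": [{ "role": "readWrite" }, {"role": "read", "db": "foo"}] }'
CONSTRUCTED_POLICY = '{ "db": "foo", "roles": [{ "role": "read" }, {"role": "readWriteAnyDatabase", "db": "admin"}] }'

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_POLICY)):
        print(name, resolve_grants(text), review(text))
```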

After inputting all the fields, click Save. This policy can be edited later and saved, if you want to change the role.

The resource, along with its corresponding access level, is now ready to be requested by Opal users. You can create, edit, and delete multiple access levels.


Click on Edit in the access level column to edit the access level. Hover over Access Levels and click on the pen to create or delete access levels.

Once the Opal user has access, they can connect to the resource via the following interface:

Clicking Connect will generate temporary credentials to your MongoDB database.


❗️Enable Opal for access management

If you want to use Opal to manage access to MongoDB resources, you will need to enable the Manage resources and groups from Opal setting on the Admin page. You can read more about how to do that here.

