Master MongoDB authentication methods including SCRAM, X.509 certificates, LDAP, and Kerberos. Learn user creation, role assignment, and securing MongoDB deployments.
Configure MongoDB authentication methods (SCRAM, X.509, LDAP) and manage users with roles. Use when setting up secure database access or creating application credentials.
/plugin marketplace add pluginagentmarketplace/custom-plugin-mongodb/plugin install mongodb-developer-plugin@pluginagentmarketplace-mongodbThis skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/config.yamlreferences/GUIDE.mdscripts/helper.pySecure your MongoDB with proper authentication.
# Start MongoDB with authentication
mongod --auth --dbpath /data/db
# Or in config file (mongod.conf)
security:
authorization: enabled
// Connect to local server without auth first
const mongo = new MongoClient('mongodb://localhost:27017')
const admin = mongo.db('admin')
// Create admin user
await admin.command({
createUser: 'admin',
pwd: 'securepassword', // Or use passwordPrompt()
roles: ['root']
})
// Now restart mongod --auth
// Default, password-based authentication
// Connection string
mongodb://username:password@localhost:27017/database
// With options
mongodb://username:password@localhost:27017/database?authSource=admin
// Create SCRAM user
db.createUser({
user: 'appuser',
pwd: 'password123',
roles: ['readWrite']
})
// Enterprise-grade certificate authentication
// Create certificate user (External auth DB)
db.getSiblingDB('$external').createUser({
user: 'CN=client,OU=Engineering,O=Company',
roles: ['readWrite']
})
// Client connects with certificate
mongodb://USERNAME@cluster.mongodb.net/?authMechanism=MONGODB-X509&tlsCertificateKeyFile=/path/to/client.pem
// Enterprise directory integration
// Create LDAP user (External auth DB)
db.getSiblingDB('$external').createUser({
user: 'ldapuser',
roles: ['readWrite']
})
// Configure LDAP in mongod.conf
security:
ldap:
servers: 'ldap.example.com'
authzQueryTemplate: 'dc=example,dc=com??sub?(uid={0})'
bindQueryUser: 'cn=admin,dc=example,dc=com'
bindQueryPassword: 'password'
// Basic user
db.createUser({
user: 'username',
pwd: 'password',
roles: ['readWrite']
})
// With multiple roles
db.createUser({
user: 'dbadmin',
pwd: 'password',
roles: [
{ role: 'dbAdmin', db: 'myapp' },
{ role: 'readWrite', db: 'myapp' }
]
})
// Interactive password prompt
db.createUser({
user: 'username',
pwd: passwordPrompt(),
roles: ['readWrite']
})
// Show all users in current database
db.getUsers()
// Show specific user
db.getUser('username')
// Change password
db.changeUserPassword('username', 'newpassword')
// Or
db.updateUser('username', {
pwd: 'newpassword'
})
db.dropUser('username')
'read' → Read-only access
'readWrite' → Read and write access
// Grant role
db.grantRolesToUser('username', ['read'])
'dbAdmin' → Database administration
'dbOwner' → Full database access
'userAdmin' → User management
// Example
db.createUser({
user: 'dbadmin',
pwd: 'password',
roles: ['dbAdmin', 'userAdmin']
})
'clusterAdmin' → Full cluster access
'clusterManager' → Cluster management
'clusterMonitor' → Read-only monitoring
// Cluster role
db.getSiblingDB('admin').createUser({
user: 'clusteradmin',
pwd: 'password',
roles: ['clusterAdmin']
})
Admin: root, dbAdmin, userAdmin, clusterAdmin
Read: read
Write: readWrite
Backup: backup, restore
Monitoring: clusterMonitor, serverStatus, monitoring
// Create custom 'reportViewer' role
db.createRole({
role: 'reportViewer',
privileges: [
{
resource: { db: 'reporting', collection: '' },
actions: ['find']
}
],
roles: []
})
// Assign to user
db.grantRolesToUser('analyst', [
{ role: 'reportViewer', db: 'admin' }
])
{
resource: {
db: 'myapp', // Database ('' = all dbs)
collection: 'users' // Collection ('' = all collections)
},
actions: [
'find', // Query documents
'insert', // Insert documents
'update', // Update documents
'remove', // Delete documents
'createIndex', // Index management
'dropIndex'
]
}
// Requirements for production:
// ✅ Minimum 12 characters
// ✅ Mix of uppercase, lowercase, numbers, symbols
// ✅ No dictionary words
// ✅ Not related to username
// Example strong password
// P@ssw0rd2024!MongoDB
// DON'T USE
// password, 123456, monkey, qwerty, password123
// Change passwords regularly
// Monthly for service accounts
// Quarterly for normal users
// Update password
db.changeUserPassword('username', 'newpassword')
// Check user details
db.getUser('username')
# Connect with authentication
mongosh --username admin --password --authenticationDatabase admin mongodb://localhost:27017
# Or with connection string
mongosh 'mongodb://admin:password@localhost:27017/?authSource=admin'
const MongoClient = require('mongodb').MongoClient
// Option 1: Connection string
const client = new MongoClient(
'mongodb://username:password@localhost:27017/database?authSource=admin'
)
// Option 2: With encodeURIComponent for special chars
const user = encodeURIComponent('user@example.com')
const pass = encodeURIComponent('pass!@#$%')
const client = new MongoClient(
`mongodb://${user}:${pass}@localhost:27017/database?authSource=admin`
)
// Option 3: Auth options
const client = new MongoClient('mongodb://localhost:27017', {
auth: {
username: 'admin',
password: 'password'
},
authSource: 'admin'
})
from pymongo import MongoClient
# Connection string
client = MongoClient('mongodb://username:password@localhost:27017/database?authSource=admin')
# Or with options
client = MongoClient(
'mongodb://localhost:27017',
username='username',
password='password',
authSource='admin'
)
✅ User Management:
✅ Production Security:
✅ Atlas Security:
❌ Avoid:
Secure your MongoDB with authentication! 🔐
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.