MongoDB.live, free & fully virtual. June 9th - 10th. Register Now

Connection without password in open text and Client field level encryption

Greetings everyone.

We like to connect our mongodb atlas over pymongo type of driver for our program to utilize it. We couldn’t find any documentation of that without Mongo atlas username and password openly written in python file.If there is how we can achieve that to at least protect the password.

Other one is we like to run client field-level encryption with AWS as KMS but for Atlas, there is no documentation of limitation for this kind of actions while a lot of functions limited at several levels of Atlas so how we can test these functions and be sure they work before merging them to live version.

The most common pattern to avoid storing the password in the application code is to put the entire connection string in an environment variable like this:

$ export APP_URI='mongodb://user:pass@mongodb.net/?tls=true'
$ python3
>>> import os
>>> client = MongoClient(os.environ['APP_URI'])
>>> client.admin.command('ping')
{'ok': 1}

As for testing Field Level Encryption, I suggest testing your application using one of Atlas’ low cost development tiers, M10 or M20.

You may also be interested in reading the documentation page Read/Write Support with Automatic Field Level Encryption which covers all the supported read/write operations as well as the query limitations.

1 Like

We are curious can we merge existing databases to Automatic Field Level Encryption what I mean is if we migrate or change existing server settings with Automatic Field Level Encryption does existing data will get encrypted? Since it’s beta feature I am not sure how will that work?