How to manage passwords¶
By default, Charmed MongoDB 8 automatically generates passwords for the following internal users: charmed-operator, charmed-stats, charmed-backup, charmed-logrotate.
You can use Juju secrets to manage passwords for these users.
See also
Set passwords¶
Create a Juju secret containing one or more user passwords:
juju add-secret <secret-name> <username-1>=<password-1> <username-2>=<password-2>
Note
Valid usernames: charmed-operator, charmed-stats, charmed-backup, charmed-logrotate.
Internal users that are not included in the secret will keep the automatically-generated password.
The command above will output a secret URI similar to the example below, which you will need shortly:
secret:ctbirhuutr9sr8mgrmpg
Grant the secret to your replica set, or to your config server if you are using a sharded deployment:
juju grant-secret <secret-name> <application-name>
Configure system-users¶
Set the system-users configuration option in your replica set or config-server, to the secret’s URI obtained in the previous step:
Tip
Make sure to include the secret: prefix.
Caution
Do not set this configuration option for shards.
juju config <application-name> system-users=<secret_URI>
When the system-users configuration option is set, the charm will:
Use the content of the secret specified by the
system-usersconfig option instead of the one automatically generated.Update the passwords of the internal
system-usersin the database.
Update passwords¶
To update passwords, update the value of the existing secret:
juju update-secret <secret-name> <username-1>=<new-password-1> <username-3>=<password-3>
In this example,
username-1’s password was updated frompassword-1tonew-password-1username-3’s password was updated from an auto-generated password topassword-3username-2’s password remains as it was when the secret was added, butusername-2is no longer part of the secret.