Access to a MongoDB server

🛡️ Intro

In this example, we'll secure access to a MongoDB server using Border0. We support regular MongoDB servers as well as AWS Document store.


We'll walk through the following steps together:

  1. Launch a MongoDB server using Docker
  2. Create a MongoDB socket and link it to our connector
  3. Authenticate and connect
  4. Watch the recording
  5. Use the Border0 Desktop app to access your database

1 - Run a local MongoDB server with Docker

You can make any MongoDB server available with Border0; for testing purposes, we'll use a MongoDB Docker container as the server.

👍

It works through NAT and Firewalls

Don't worry if your laptop is behind NAT. Border0 works perfectly fine with resources that are behind NAT.

docker run -d --rm \
   --name mongodb-server \
   -p 27017:27017 \
   -e MONGO_INITDB_ROOT_USERNAME=admin \
   -e MONGO_INITDB_ROOT_PASSWORD=My-secret-pw \
 mongo:latest

This command starts a MongoDB server with My-secret-pw as the password.
Before we continue, let's make sure the MongoDB container started OK and test connecting to the server locally as user admin with password My-secret-pw:

mongosh "mongodb://admin:My-secret-pw@localhost:27017/admin"

Once connected, we can insert some data as shown below:

db.users.insertMany([ { name: "Alice", age: 28 }, { name: "Bob", age: 35 }] );

Then, test whether the document was inserted properly by querying for it:

admin> db.users.find({ name: "Alice" });
[
  { _id: ObjectId('6872e0c2cf42d322d02357ee'), name: 'Alice', age: 28 }
]
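
The `-p 27017:27017` flag in the `docker run` command above publishes MongoDB on every host interface, so the server stays reachable directly, outside Border0, by anyone who can reach the host and has the password. The check below is an added example, not part of the original Border0 guide: it reads the text printed by `docker port mongodb-server` and flags any binding that is not loopback-only. The function name `audit_bindings` and both sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Border0 code): flag published container ports that are
# reachable from outside the host. Input is `docker port <container>` output.

# Constructed sample: output for the `-p 27017:27017` form used in this guide
# (bound on all interfaces, IPv4 and IPv6).
SAMPLE_ALL_INTERFACES='27017/tcp -> 0.0.0.0:27017
27017/tcp -> [::]:27017'

# Constructed sample: the same container started with
# `-p 127.0.0.1:27017:27017`.
SAMPLE_LOOPBACK='27017/tcp -> 127.0.0.1:27017'

# Read bindings on stdin, print each one whose host address is not loopback,
# and return 1 if at least one such binding was found (0 otherwise).
audit_bindings() {
  exposed=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    # Line shape: "27017/tcp -> 0.0.0.0:27017"; keep the part after "-> ".
    host=${line##*-> }
    # Drop the trailing ":port" so only the host address remains.
    host=${host%:*}
    case "$host" in
      127.*|"[::1]"|::1) ;;                       # loopback only
      *) printf 'EXPOSED %s\n' "$line"; exposed=1 ;;
    esac
  done
  return "$exposed"
}

# Demo on the constructed samples. Live use (requires Docker):
#   docker port mongodb-server | audit_bindings
printf '%s\n' "$SAMPLE_ALL_INTERFACES" | audit_bindings \
  || echo "result: port is published beyond loopback"
printf '%s\n' "$SAMPLE_LOOPBACK" | audit_bindings \
  && echo "result: loopback-only binding"
```

Starting the container with `-p 127.0.0.1:27017:27017` keeps the port loopback-only, which is sufficient when the connector reaches the server at localhost as configured in step 2.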

2 - Create a MongoDB socket and link it to your connector

Now that we have a working MongoDB server for our example, it's time to create a MongoDB socket and link it to our connector.


  • In the Sockets page, click on Add New Socket and select MongoDB.
  • Set a name and, optionally, a description.

Upstream Configuration
Here we can configure how your connector connects and authenticates to the upstream server.

  • Select standard for Service type.
  • For our example, we'll use the hostname localhost and port 27017. Adjust as needed for your environment.
  • For authentication we can use "Username and Password", but we also support TLS, No Auth and AWS IAM.
  • Credentials: in our example we used admin and My-secret-pw. Adjust as needed for your environment.
  • Connector: Select your connector from the list.

That's it, now click the Create New Socket button. You should now have access to your MongoDB server.


📘

Securing your credentials

In this example, we provided the credentials directly to the Border0 API. These credentials are needed for the connector running in your environment to establish a secure upstream connection to the server. While Border0 stores these credentials in encrypted form, we strongly recommend that you keep them local to the connector.
You can have the Border0 connector integrated with your secret management solution for enhanced security and keep your secrets local. Learn more about this in our guide:

https://docs.border0.com/docs/using-secret-managers-to-store-credentials

If you experience any issues with your new socket, it's typically because it can't connect to the upstream database. To troubleshoot, take a look at the connector logs as described here

3 - Connecting to Your MongoDB Server

Next up, let's connect to our MongoDB server through Border0.

📘

Using policies to control access to MongoDB servers

Controlling access to MongoDB servers can be achieved using Border0 policies. For MongoDB specifically, make sure to enable database permissions in your policy.
Currently, there are no document-specific policy options, as there are with MySQL or Postgres.

For the fastest and most seamless experience, use our desktop app. It simplifies the process of discovering your MongoDB server. After finding the socket, the socket name is copied to your clipboard.

Launch access using the Border0 desktop app


Using Mongosh to access your MongoDB socket

Once you have copied the socket name, open your terminal or a browser to query your MongoDB server. In my case, I called it mongodb:

mongosh "mongodb://mongodb:27017/admin"

$ mongosh "mongodb://mongodb:27017/admin"

Current Mongosh Log ID:	6872e243005eed0fcb73fe07
Connecting to:		mongodb://mongodb:27017/admin?directConnection=true&appName=mongosh+2.3.8
Using MongoDB:		8.0.4
Using Mongosh:		2.3.8
mongosh 2.5.5 is available for download: https://www.mongodb.com/try/download/shell

For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/


admin> db.users.find({ name: "Bob" });
[
  {
    _id: ObjectId('683df902aefc3d5f9f586dc5'),
    name: 'Bob',
    age: 38,
    email: '[email protected]',
    city: 'Toronto'
  },
  {

4 - Review Session Details and Recordings

To review your MongoDB session, open the Border0 portal and select the corresponding database socket. Go to the Sessions tab and find your session. Clicking on the session will display a recording of the activity. This recording details the SSO identity used (who connected), the originating IP address, the device, connection time, and a complete log of all executed queries.


MongoDB Session recording in Border0 portal

Troubleshooting

If you encounter any issues with your new socket, it's typically because it can't connect to the upstream database. To troubleshoot, take a look at the connector logs as described here.

If that doesn't help resolve the issue, feel free to contact us, and we'd be happy to help you troubleshoot.