- Security >
- Encrypt User Credentials
Encrypt User Credentials¶
For configuration settings that store credentials, you can either store
the credentials in plain text or use the Ops Manager credentialstool
to encrypt the credentials. If you choose to store credentials in plain
text, reduce the permissions on the conf-mms.properties
file on each server.
Protect Plain Text Passwords
If you choose to store credentials in plain text, reduce the permissions on the conf-mms.properties file on each server.
Important
When installed with rpm or deb packages on Linux systems,
the credentialstool tool requires root (sudo) privileges,
because it reads the /etc/mongodb-mms/gen.key file. Ops Manager
uses the gen.key to encrypt sensitive data in the database and
configuration files.
Use the credentialstool to generate encrypted credentials for the MongoDB deployments:
Run the shell command to create a pair of encrypted credentials.¶
| Variable | Definition |
|---|---|
<username> |
Your MongoDB username |
<install_dir> |
Path where Ops Manager was installed. |
Enter the password when prompted.¶
The credentialstool then outputs the encrypted credential pair.
Add the encrypted credentials to the conf-mms.properties file.¶
Enter the encrypted credential pair in the
mongo.mongoUrisettings where needed.Add the
mongo.encryptedCredentialssetting and set it totrue.Example
Important
The
conf-mms.propertiesfile can contain multiplemongo.mongoUrisettings. Ifmongo.encryptedCredentialsistrue, you must encrypt all user credentials found in the variousmongo.mongoUrisettings.