Docs Menu
Docs Home
/
Relational Migrator
/
Database Connections
/
Connection Strings

MongoDB Database Connection Strings

On this page

  • Atlas Connection URI
  • On-Premises Connection URI
  • Using X.509 Authentication

Note

URIs in Relational Migrator are optional. You can use the connection string forms to enter your connection details instead of manually providing URIs.

This page describes the Uniform Resource Identifier (URI) formats for defining connections to your MongoDB database.

Relational Migrator supports all MongoDB connection string options except appName. It overrides appName when connecting to your MongoDB deployment.

Important

For both Atlas and on-premises deployments, create a separate MongoDB user for Relational Migrator with readWrite access to your MongoDB database.

Atlas Connection URI

mongodb+srv://username:password@clusterurl.mongodb.net/database

For example, to use an account named migrator-service with password hunter2 to connect to the MongoEnterprises database:

mongodb+srv://migrator-service:hunter2@cluster1.abc123.mongodb.net/MongoEnterprises

On-Premises Connection URI

mongodb://username:password@host:port/database

For example, to use an account named migrator-service with password hunter2 to connect to the MongoEnterprises database:

mongodb://migrator-service:hunter2@localhost:27017/MongoEnterprises

Using X.509 Authentication

To connect to MongoDB using X.509 authentication, omit a username and password. Instead, specify the on-premises host and port or the Atlas cluster URL and set the following options:

<on-premises host:port or clusterurl.mongodb.net>?authSource=$external&authMechanism=MONGODB-X509&tlsCertificateKeyFile=/path/to/cert/client.p12&tlsCertificateKeyFilePassword=certpassword
Option
Value

authSource

$external

authMechanism

MONGODB-X509

tlsCertificateKeyFile

The path to the .p12 file that contains the certificate and key to present to the mongod or mongos instance.

IMPORTANT: Unlike other MongoDB products, Relational Migrator requires a path to a .p12 file, not a .pem file. If your certificate is saved as a .pem file, you can convert it using a tool like OpenSSL's PKCS12 command:

openssl pkcs12 -export -inkey cert_key_pem.txt -in cert_key.pem -out
cert_key.p12

tlsCertificateKeyFilePassword

The password to de-crypt the .p12 file.

tlsCAFile

Required only if the MongoDB instance has a TLS/SSL setup with its own public key infrastructure. The path to the local .pem file that contains the root certificate chain from the Certificate Authority.

For example, to connect to the MongoEnterprises database on cluster1.abc123.mongodb.net, using the certificate file /etc/ssl/caToValidateServerCertificates.p12 with the password verysecure:

mongodb+srv://cluster1.abc123.mongodb.net/MongoEnterprises?authSource=$external&authMechanism=MONGODB-X509&tlsCertificateKeyFile=/etc/ssl/caToValidateServerCertificates.p12&tlsCertificateKeyFilePassword=verysecure

Back

Connection Strings

Next

Relational Database