Starting in 1.8.1, you can use mongosync with Atlas Workload Identity Federation to authenticate connections to MongoDB clusters running on Microsoft Azure and Google Cloud Platform.
Examples
This section shows mongosync examples that use Workload Identity Federation.
In the connection string, set authMechanism to MONGODB-OIDC and set authMechanismProperties as needed:

- For Microsoft Azure, set authMechanismProperties to ENVIRONMENT:azure,TOKEN_RESOURCE:<audience>. Note: Omit TOKEN_RESOURCE if using Microsoft Azure Kubernetes Service (AKS).
- For Google Cloud Platform, set authMechanismProperties to ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>.

Replace <audience> with the application or service that the access token is intended for. The value must match the audience that the cluster's identity provider configuration accepts: an access token minted for a different audience is rejected at authentication time. For more details, see Identity Provider Fields.
For details about connection string options, see Authentication Options.
Connect to MongoDB Clusters Using Microsoft Azure Instance Metadata Service
The following mongosync example connects to MongoDB clusters using Microsoft Azure Instance Metadata Service (IMDS):

```shell
./bin/mongosync \
  --logPath /var/log/mongosync \
  --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:https://www.example.com" \
  --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:https://www.example.com"
```
Connect to MongoDB Clusters Using Microsoft Azure Kubernetes Service
To connect to MongoDB clusters using Microsoft Azure Kubernetes Service, define these environment variables:
Environment Variable | Description
---|---
AZURE_TENANT_ID | Azure tenant identifier.
AZURE_APP_CLIENT_ID | Azure application client identifier.
AZURE_CLIENT_ID | Azure client identifier of the managed identity to authenticate with.
AZURE_FEDERATED_TOKEN_FILE | Azure federated token file path.
For details about Azure and the variables, see the Microsoft Azure documentation.
The following mongosync example defines the environment variables and connects to MongoDB clusters:

```shell
AZURE_TENANT_ID=08206ab8-16a0-406d-85e4-2f15f5620fac \
AZURE_APP_CLIENT_ID=b6c835da-e536-425b-9405-64bc471e245b \
AZURE_CLIENT_ID=f176d4eb-7dcd-4f66-bccf-aaa316ee61fd \
AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token \
./bin/mongosync \
  --logPath /var/log/mongosync \
  --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure" \
  --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure"
```

TOKEN_RESOURCE isn't required for this example.
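The AKS flow above depends entirely on the projected token at AZURE_FEDERATED_TOKEN_FILE being present, unexpired and issued for the audience that the exchange expects, and a wrong token only surfaces as an opaque authentication failure from mongosync. The following preflight script is an added example, not code from mongosync or the MongoDB documentation. It decodes the token's payload, checks the aud and exp claims, and only then would you start mongosync with the environment shown above. It assumes the expected audience is api://AzureADTokenExchange (the AKS workload identity default; adjust it if your federated credential is configured differently); the function names jwt_claim, check_federated_token and make_sample_jwt are hypothetical, and the token it tests against is constructed in the script and unsigned.

```shell
#!/bin/sh
# Added example (not part of mongosync or the MongoDB docs): preflight check for
# the AKS workload-identity case. It decodes the projected token that
# AZURE_FEDERATED_TOKEN_FILE points to and checks its "aud" and "exp" claims
# before mongosync is started. It does NOT verify the signature; that is done by
# the identity provider when the token is exchanged.

# base64url-encode stdin (no padding, no line wrapping).
b64url() { base64 | tr -d '\n=' | tr '+/' '-_'; }

# jwt_claim TOKEN CLAIM: print a top-level string or numeric claim from the payload.
# Assumption: the claim is a scalar; an array-valued "aud" is not handled here.
jwt_claim() {
  local payload
  payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#payload} % 4 )) in   # restore base64 padding stripped by base64url
    2) payload="${payload}==" ;;
    3) payload="${payload}=" ;;
  esac
  printf '%s' "$payload" | base64 -d 2>/dev/null \
    | sed -n 's/.*"'"$2"'":"\{0,1\}\([^",}]*\).*/\1/p'
}

# check_federated_token FILE EXPECTED_AUD NOW_EPOCH
# Returns 0 when the audience matches and the token has not expired,
# 1 if the file is unreadable, 2 on audience mismatch, 3 if exp is missing or past.
check_federated_token() {
  local token aud exp
  token=$(cat "$1" 2>/dev/null) || return 1
  aud=$(jwt_claim "$token" aud)
  exp=$(jwt_claim "$token" exp)
  if [ "$aud" != "$2" ]; then
    echo "audience mismatch: token has '$aud', expected '$2'" >&2
    return 2
  fi
  if [ -z "$exp" ] || [ "$exp" -le "$3" ]; then
    echo "token expired or has no exp claim" >&2
    return 3
  fi
  return 0
}

# make_sample_jwt PAYLOAD_JSON: build a constructed, unsigned token for offline
# testing. The third segment is a placeholder, not a real signature.
make_sample_jwt() {
  local hdr pl
  hdr=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  pl=$(printf '%s' "$1" | b64url)
  printf '%s.%s.%s' "$hdr" "$pl" "c2lnbmF0dXJl"
}

# Demo against a constructed token in a temp file. In a real pod, FILE is the path
# in AZURE_FEDERATED_TOKEN_FILE and EXPECTED_AUD is the audience your federated
# credential was registered with (assumed here to be the AKS default).
EXPECTED_AUD="api://AzureADTokenExchange"
tokfile=$(mktemp)
make_sample_jwt '{"aud":"api://AzureADTokenExchange","iss":"https://oidc.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/","sub":"system:serviceaccount:mongosync:mongosync","exp":1900000000}' > "$tokfile"
if check_federated_token "$tokfile" "$EXPECTED_AUD" "$(date +%s)"; then
  echo "federated token ok: aud=$(jwt_claim "$(cat "$tokfile")" aud) exp=$(jwt_claim "$(cat "$tokfile")" exp)"
fi
rm -f "$tokfile"
```

In a deployment, replace the constructed token with `check_federated_token "$AZURE_FEDERATED_TOKEN_FILE" "$EXPECTED_AUD" "$(date +%s)"` and run the mongosync command only when it returns 0; the non-zero return codes distinguish a missing mount, a credential registered for the wrong audience, and a stale token, which are otherwise indistinguishable from the authentication error mongosync reports.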
Connect to MongoDB Clusters in Google Cloud Platform
The following mongosync example connects to MongoDB clusters in Google Cloud Platform:

```shell
./bin/mongosync \
  --logPath /var/log/mongosync \
  --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:https://www.example.com" \
  --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:https://www.example.com"
```
No environment variables are required for Google Cloud Platform.