MongoDB Atlas Keys
Service Name: MongoDB Atlas
Service Description: MongoDB Atlas is a fully-managed cloud database service for MongoDB, offering automated provisioning, scaling, and operations of MongoDB deployments in the cloud. It provides database as a service functionality, allowing developers to focus on application development rather than database management.
Service Address: https://www.mongodb.com/cloud/atlas
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level in MongoDB Atlas to limit access to specific IP addresses or CIDR blocks.
Secret Access Scope: MongoDB Atlas API keys grant programmatic access to MongoDB Atlas resources and services, allowing management of clusters, users, backups, and other Atlas features.
Secret Revokement URL: https://cloud.mongodb.com/v2#/org/{ORG_ID}/access/apiKeys
Secret Example: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG
Suspicious Activity Investigation Instructions:
- Review the MongoDB Atlas Activity Feed for unusual operations or access patterns
- Check for unauthorized cluster creation, modification, or deletion
- Monitor for unexpected user additions or permission changes
- Examine database access logs for suspicious queries or connection attempts
- Verify if any unexpected IP addresses have been added to the IP access list
Mitigation Instructions:
- Log in to the MongoDB Atlas dashboard
- Navigate to Access Manager → API Keys
- Locate the compromised API key
- Click the trash icon to delete the key
- Create a new API key with appropriate permissions if needed
- Review and update IP access lists to restrict access to trusted IP addresses only
- Enable advanced security features like multi-factor authentication
- Audit all project members and their permission levels
- Review database users and their roles to ensure proper access controls