Skip to content

MongoDB Connection String

Service Name: MongoDB

Service Description: MongoDB is a popular NoSQL database that stores data in flexible, JSON-like documents. It provides high performance, high availability, and easy scalability for applications requiring a document-oriented database structure.

Service Address: https://www.mongodb.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the database level through MongoDB Atlas IP Access Lists or through network security configurations for self-hosted instances.

Secret Access Scope: Grants full access to the specified MongoDB database or collection, allowing for read, write, update, and delete operations depending on the user permissions embedded in the connection string.

Secret Revokement URL: https://www.mongodb.com/docs/atlas/security-add-mongodb-users/

Secret Example: mongodb+srv://username:p@ssw0rd123@cluster0.mongodb.net/myDatabase?retryWrites=true&w=majority

Suspicious Activity Investigation Instructions:

  • Review MongoDB logs for unusual query patterns or high-volume data access
  • Check for unexpected database operations (mass deletions, schema changes)
  • Monitor for connections from unfamiliar IP addresses or locations
  • Examine database audit logs if enabled
  • Look for unusual authentication attempts or credential usage patterns
  • Review any changes to database user permissions

Mitigation Instructions:

  • Immediately rotate the MongoDB user password in the connection string
  • Update the connection string in all application configurations
  • Consider implementing IP whitelisting for database access
  • Review and restrict user permissions to only what's necessary
  • Enable database auditing if not already active
  • Implement network security groups to limit access to the database
  • Consider enabling MongoDB Atlas Advanced Security features if using Atlas
  • Update any cached credentials in CI/CD systems or development environments