Connect to Mongodb with Token

Asked

Viewed 36 times

0

My current connection file is this:

const mongoose = require('mongoose')

mongoose.connect('connect string url', { useNewUrlParser: true })
mongoose.Promise = global.Promise

module.exports = mongoose

And it works properly to read data, but to delete it is necessary to authenticate with some user who has such privileges.

However, I would not like my login and password to be exposed in the code, so I am looking for some way to connect with my user without having to expose the password.

How to do this on Mongodb? I am using lib Mongoosis.

mongodb mongoose
  • 1

    For this case you can use environment variables to leave this setting out of code.

  • Finally, I created a new user limited only to read and write in the database. Since I am using serverless, environment variable would be in serverless.yml in the same way.. There must be some other safer way inside the AWS, but for now I’ll leave it at that. If there was a token for Mongo, it would be better, but anyway..

  • 1

    the variable value does not need to be in serveless.yml, it can be set directly in the AWS panel.

  • https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

  • But then I think it will hurt the CI/CD part, since the idea is to be automated and not need manual configuration. Not unless the key gets into gitlab and a script changes the lambda function after deploy, but I’m still finding a lot of service unnecessary. But be it with a token or login/password, the damage that someone would do would be the same, so since it is a user part and not the admin user of the account, for now it is better than nothing. Anyway, if I think ahead an automated and easy way, I come back here to talk. I thank you for all your help friend! =]

  • 1

    @gmsantos today understand exactly how to do, and yes to put in serverless.yml, and use the serverless-dotenv-plugin to manage the sending of which environment variables will be sent the function. It is also possible to use serverless pro for this, but it creates another additional function to manage some features related to Cloudformation and I didn’t like it so I preferred to use the plugin. Anyway, just coming back here giving a feedback on how I got it. Thank you very much for the help at the time, a pity I didn’t understand very well. =]

  • Good! Can you post your solution as an answer? So you help someone who has at least a problem and see your question here :)

Show 2 more comments
No answers

Browser other questions tagged mongodb mongoose

You are not signed in. Login or sign up in order to post.