Backup with mongodump protecting the credentials

[KCOtzen]

Security is very important in production deployment, so i was
wondering if is there some option in mongodump for protecting the
credentials?

For instance, this is a normal use of mongodump:

./mongodump --host dbh46.excelsys.com --db mydb --collection user -u
userbank -p secretpass

In this case we expose username and password, that's not good.

Is there something like this?--->http://blog.gazzang.com/blog/bid/
87472/Running-a-Secure-Encrypted-MySQL-Backup-Using-mysqldump-on-Linux

where the credentials are encrypted and a file is used as follow:

mysqldump –defaults-extra-file=/home/mfrank/protectedlogin.cnf –all-
databases


I would like to schedule the backups, so it's important to us protect
the credentials.

Thanks

[Spencer T Brody]

There is nothing like this built into MongoDB at this time.  You could create a file with the username and password and encrypt it and have your backup script decrypt the file and pass the results into mongodump, but that still requires the backup script to have the password to decrypt the file with the mongo credentials.  If you're worried about someone being able to change the data if they get access to the credentials used by the backup process, you could create a read-only user and use that for backups instead.

[Spencer T Brody]

I do not believe this is currently planned, but if it's something you're interested in you can open a feature request at jira.mongodb.org

On Tue, May 22, 2012 at 10:39 AM, KCOtzen <castu...@gmail.com> wrote:

Thanks Spencer.

Do you know whether or not this is considered in the roadmap?

Because with your tip I'm covering problems related to data changes.
But I still could have problem about data theft.

Thanks.

[KCOtzen]

Spencer:
Hi again, I've created this issue:

https://jira.mongodb.org/browse/SERVER-5897

Thanks!