infisical/docs/documentation/platform/secret-rotation/mongodb-credentials.mdx

---
title: "MongoDB Credentials Rotation"
description: "Learn how to automatically rotate MongoDB credentials."
---

## Prerequisites

1. Create a [MongoDB Connection](/integrations/app-connections/mongodb) with the required **Secret Rotation** permissions
2. Create two designated database users for Infisical to rotate the credentials for. Be sure to grant each user login permissions for the desired database with the necessary privileges their use case will require.

    An example creation statement might look like:
    ```bash
    // Switch to the target database
    use my_database

    // Create first user
    db.createUser({
      user: "infisical_user_1",
      pwd: "temporary_password",
      roles: []
    })

    // Create second user
    db.createUser({
      user: "infisical_user_2",
      pwd: "temporary_password",
      roles: []
    })

    // Grant necessary permissions to both users
    db.grantRolesToUser("infisical_user_1", [
      { role: "readWrite", db: "my_database" }
    ])

    db.grantRolesToUser("infisical_user_2", [
      { role: "readWrite", db: "my_database" }
    ])
    ```

    <Tip>
        To learn more about MongoDB's permission system, please visit their [documentation](https://www.mongodb.com/docs/manual/core/security-built-in-roles/).
    </Tip>

3. Ensure your network security policies allow incoming requests from Infisical to this rotation provider, if network restrictions apply.

## Create a MongoDB Credentials Rotation in Infisical

<Tabs>
    <Tab title="Infisical UI">
        1. Navigate to your Secret Manager Project's Dashboard and select **Add Secret Rotation** from the actions dropdown.
        ![Secret Manager Dashboard](/images/secret-rotations-v2/generic/add-secret-rotation.png)

        2. Select the **MongoDB Credentials** option.
        ![Select MongoDB Credentials](/images/secret-rotations-v2/mongodb-credentials/select-mongodb-credentials-option.png)

        3. Select the **MongoDB Connection** to use and configure the rotation behavior. Then click **Next**.
        ![Rotation Configuration](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-configuration.png)

            - **MongoDB Connection** - the connection that will perform the rotation of the configured database user credentials.
            - **Rotation Interval** - the interval, in days, that once elapsed will trigger a rotation.
            - **Rotate At** - the local time of day when rotation should occur once the interval has elapsed.
            - **Auto-Rotation Enabled** - whether secrets should automatically be rotated once the rotation interval has elapsed. Disable this option to manually rotate secrets or pause secret rotation.

        4. Input the usernames of the database users created above that will be used for rotation. Then click **Next**.
        ![Rotation Parameters](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-parameters.png)

            - **Database Username 1** - the username of the first user that will be used for rotation.
            - **Database Username 2** - the username of the second user that will be used for rotation.

        5. Specify the secret names that the active credentials should be mapped to. Then click **Next**.
        ![Rotation Secrets Mapping](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-secrets-mapping.png)

            - **Username** - the name of the secret that the active username will be mapped to.
            - **Password** - the name of the secret that the active password will be mapped to.

        6. Give your rotation a name and description (optional). Then click **Next**.
        ![Rotation Details](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-details.png)

            - **Name** - the name of the secret rotation configuration. Must be slug-friendly.
            - **Description** (optional) - a description of this rotation configuration.

        7. Review your configuration, then click **Create Secret Rotation**.
        ![Rotation Review](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-confirm.png)

        8. Your **MongoDB Credentials** are now available for use via the mapped secrets.
        ![Rotation Created](/images/secret-rotations-v2/mongodb-credentials/mongodb-credentials-created.png)
    </Tab>
    <Tab title="API">
        To create a MongoDB Credentials Rotation, make an API request to the [Create MongoDB
        Credentials Rotation](/api-reference/endpoints/secret-rotations/mongodb-credentials/create) API endpoint.

        ### Sample request

        ```bash Request
        curl --request POST \
        --url https://us.infisical.com/api/v2/secret-rotations/mongodb-credentials \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-mongodb-rotation",
            "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "description": "my database credentials rotation",
            "connectionId": "11c76f38-cd13-4137-b1a3-ecd6a429952c",
            "environment": "dev",
            "secretPath": "/",
            "isAutoRotationEnabled": true,
            "rotationInterval": 30,
            "rotateAtUtc": {
                "hours": 0,
                "minutes": 0
            },
            "parameters": {
                "username1": "infisical_user_1",
                "username2": "infisical_user_2"
            },
            "secretsMapping": {
                "username": "MONGODB_DB_USERNAME",
                "password": "MONGODB_DB_PASSWORD"
            }
        }'
        ```

        ### Sample response

        ```bash Response
        {
            "secretRotation": {
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "name": "my-mongodb-rotation",
                "description": "my database credentials rotation",
                "secretsMapping": {
                    "username": "MONGODB_DB_USERNAME",
                    "password": "MONGODB_DB_PASSWORD"
                },
                "isAutoRotationEnabled": true,
                "activeIndex": 0,
                "folderId": ""b3257e1f-8d32-4e86-8bfd-b1f1bc1bf2c3"",
                "connectionId": "11c76f38-cd13-4137-b1a3-ecd6a429952c",
                "createdAt": "2023-11-07T05:31:56Z",
                "updatedAt": "2023-11-07T05:31:56Z",
                "rotationInterval": 30,
                "rotationStatus": "success",
                "lastRotationAttemptedAt": "2023-11-07T05:31:56Z",
                "lastRotatedAt": "2023-11-07T05:31:56Z",
                "lastRotationJobId": null,
                "nextRotationAt": "2023-11-07T05:31:56Z",
                "isLastRotationManual":true
                "connection": {
                    "app": "mongodb",
                    "name": "my-mongodb-connection",
                    "id": "11c76f38-cd13-4137-b1a3-ecd6a429952c"
                },
                "environment": {
                    "slug": "dev",
                    "name": "Development",
                    "id": ""170a40f1-1b48-4cc7-addf-e563aa9fbe37"
                },
                "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "folder": {
                    "id": ""b3257e1f-8d32-4e86-8bfd-b1f1bc1bf2c3"",
                    "path": "/"
                },
                "rotateAtUtc": {
                    "hours": 0,
                    "minutes": 0
                },
                "lastRotationMessage": null,
                "type": "mongodb-credentials",
                "parameters": {
                    "username1": "infisical_user_1",
                    "username2": "infisical_user_2"
                }
            }
        }
        ```
    </Tab>
</Tabs>