Charmed MongoDB Tutorials > Deploy a sharded cluster > 5. Manage passwords
Manage passwords
When we accessed MongoDB earlier in this tutorial, we needed to include a password in the URI. Passwords help secure our database and are essential for security. Over time, it is a good practice to change the password frequently.
In this part of the tutorial, we will learn to retrieve and rotate the admin password.
Retrieve the admin password
Theoperator password can be retrieved by running the get-password action on the Charmed MongoDB application. Password management in shared Charmed MongoDB clusters is handled exclusively by the config-server, so this is where we will perform all password-related operations.
To retrieve the cluster password, run the get-passwordaction on theconfig-server`:
juju run config-server/leader get-password
Running the command should output:
Running operation 9 with 1 task
- task 10 on unit-mongodb-0
Waiting for task 10...
password: 9JLjd0tuGngW5xFKWWbo0Blxyef0oGec
The admin password is under the result: password.
Rotate the admin password
You can change theoperator password to a new random password by running the set-password action on the config-server:
juju run config-server/leader set-password
Running the command should output:
Running operation 11 with 1 task
- task 12 on unit-config-server-0
Waiting for task 12...
password: f3QkHE6QgmDLdRBonrt4vToWB7IZd4JO
The admin password is under the result: password. It should be different from your previous password.
Remember that when you change the operator password, you will also need to update the DB_PASSWORD environment variable used in the MongoDB URI.
To update the URI:
export DB_PASSWORD=$(juju run config-server/leader get-password | grep password| awk '{print $2}')
export URI=mongodb://$DB_USERNAME:$DB_PASSWORD@localhost:27018/admin
echo $URI
Next step: 6. Integrate with other applications