Enable TLS in your MongoDB deployment
Transport Layer Security (TLS) is a protocol used to encrypt data exchanged between two applications. Essentially, it secures data transmitted over a network.
Typically, enabling TLS within a highly available database, or between a highly available database and client/server applications, requires domain-specific knowledge and a high level of expertise. This has all been encoded into Charmed MongoDB, so (re-)configuring TLS on Charmed MongoDB is readily available and requires minimal effort on your end.
TLS is enabled by relating Charmed MongoDB to the Self Signed Certificates Charm. This charm centralises TLS certificate management and handles operations like providing, requesting, and renewing TLS certificates.
Self-signed certificates are not recommended for a production environment.
Check this guide for an overview of the TLS certificates charms available.
In this part of the tutorial, you will learn how to enable security in your MongoDB deployment using TLS encryption.
Enable TLS
Deploy the TLS charm:
juju deploy self-signed-certificates --config ca-common-name="Example CA"
Integrate your Certificate Authority into all cluster components. In a cluster with two shards and a config-server this would be done as follows:
juju integrate config-server self-signed-certificates
juju integrate shard-one self-signed-certificates
juju integrate shard-two self-signed-certificates
Your sharded cluster now has encryption enabled via TLS.
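A component left out of the integration step above is easy to miss. The following check is an added example, not part of the original tutorial: it reads the text of `juju status --relations` and lists any cluster application that has no relation with self-signed-certificates. The function name, the sample status text and the endpoint and interface names in it are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find cluster applications not integrated with the TLS provider.

TLS_PROVIDER="self-signed-certificates"

# Reads `juju status --relations` text on stdin and prints each application
# named in "$@" that has no relation with $TLS_PROVIDER.
# Returns 1 if at least one application is missing, 0 otherwise.
missing_tls_integrations() {
    local text related app missing=0
    text=$(cat)
    # Relation rows have the shape:
    #   <provider-app>:<endpoint>  <requirer-app>:<endpoint>  <interface>  <type>
    # Collect the requirer application of every row whose provider is the TLS charm.
    related=$(printf '%s\n' "$text" | awk -v p="$TLS_PROVIDER" '
        { split($1, a, ":"); split($2, b, ":") }
        a[1] == p && b[1] != "" { print b[1] }
    ')
    for app in "$@"; do
        if ! printf '%s\n' "$related" | grep -qxF -- "$app"; then
            echo "$app"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample of the relations section (not captured from a real model;
# endpoint and interface names are assumptions). shard-two was never integrated.
SAMPLE_STATUS='Integration provider                   Requirer                    Interface         Type     Message
config-server:config-server            shard-one:sharding          shards            regular
config-server:config-server            shard-two:sharding          shards            regular
self-signed-certificates:certificates  config-server:certificates  tls-certificates  regular
self-signed-certificates:certificates  shard-one:certificates      tls-certificates  regular'

# Against a live model:
#   juju status --relations | missing_tls_integrations config-server shard-one shard-two
```

Run against the constructed sample, the function reports shard-two and returns a non-zero status, which makes it usable as a gate in a deployment script.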
Disable TLS
To disable TLS, just remove the integrations:
juju remove-relation config-server self-signed-certificates
juju remove-relation shard-one self-signed-certificates
juju remove-relation shard-two self-signed-certificates