coinbase / mongobetween

Apache License 2.0

Require authentication #68

Open boredland opened 7 months ago

boredland commented 7 months ago

I managed to run mongobetween between my mongodb replica and me, but wonder if there's a way to secure that connection with a username/password.

As I understand it, the -username and -password options are only applied to the downstream connection. Is there a way? I basically would want the same password to be required that is used to connect to the replica.

ThatHurleyGuy commented 7 months ago

You're correct that the -username/-password options are applied to the connection to the actual mongo cluster. There is not currently any mechanism built into mongobetween to provide authentication to connect to it. We run it as a sidecar, so it's only accessible on the physical host it's running on, which negates the need for additional auth there. If you wanted to run it on a separate host, you'll need to either build that auth in at a higher level (locking it down at the network layer) or find a way to build the authentication into mongobetween itself. As for the latter, I don't think there's any easy mechanism to do that right now, unfortunately.

boredland commented 7 months ago

Do you think it is possible to add such functionality to the proxy, and would you accept a PR for that? I am missing any relevant Go skills, but perhaps someone could be found; so many people are stuck with MongoDB Atlas & AWS Lambda, for example. Many of them could profit from a little container with MongoBetween running in it.

kounat commented 3 months ago

From your mention of AWS Lambda, I'm assuming your use case is within the AWS environment. If so, I would recommend leveraging security groups to restrict access to mongobetween instead of implementing authentication.

For example, I would assign the Lambda an empty security group, and on the EC2 instance that's running mongobetween, allow ingress from the Lambda's security group.

We'd certainly be open to a PR, but I would first suggest the above approach.
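The security-group layout described in the comment above, written out as an added Terraform example (this is not code from the mongobetween project or from the commenter). It assumes placeholder values for the VPC, private subnets, the Lambda deployment package and the port mongobetween listens on; the Lambda's group has no ingress rules, and its egress is narrowed to the proxy's group, which is one step tighter than the "empty" group in the comment, so that a compromised function cannot use the group to reach anything else.

```hcl
# Added example, not part of the mongobetween project.
# Network-layer access control for a mongobetween host: only the Lambda's
# security group may reach the proxy port; nothing else on the network can.
# Assumed placeholders: vpc_id, private_subnet_ids, lambda package, port.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 5.0" }
  }
}

variable "vpc_id"             { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "mongobetween_port"  { type = number }   # whatever -address is bound to

# Security group attached to the Lambda: no ingress at all.
resource "aws_security_group" "lambda_client" {
  name        = "lambda-mongobetween-client"
  description = "Lambda functions allowed to talk to mongobetween"
  vpc_id      = var.vpc_id
}

# Lambda egress is limited to the mongobetween group on the proxy port only.
resource "aws_vpc_security_group_egress_rule" "lambda_to_proxy" {
  security_group_id            = aws_security_group.lambda_client.id
  referenced_security_group_id = aws_security_group.mongobetween.id
  ip_protocol                  = "tcp"
  from_port                    = var.mongobetween_port
  to_port                      = var.mongobetween_port
}

# Security group for the EC2 instance running mongobetween.
resource "aws_security_group" "mongobetween" {
  name        = "mongobetween-proxy"
  description = "mongobetween sidecar host"
  vpc_id      = var.vpc_id
}

# The only ingress: the Lambda group, on the proxy port, over TCP.
# Referencing a group rather than a CIDR means new Lambda ENIs are covered
# automatically and no other host in the subnet is.
resource "aws_vpc_security_group_ingress_rule" "proxy_from_lambda" {
  security_group_id            = aws_security_group.mongobetween.id
  referenced_security_group_id = aws_security_group.lambda_client.id
  ip_protocol                  = "tcp"
  from_port                    = var.mongobetween_port
  to_port                      = var.mongobetween_port
}

# The proxy host still needs egress to the upstream MongoDB cluster (the
# connection that -username/-password authenticate). 0.0.0.0/0 on 27017 is a
# placeholder; narrow it to the cluster's addresses if they are known.
resource "aws_vpc_security_group_egress_rule" "proxy_to_mongodb" {
  security_group_id = aws_security_group.mongobetween.id
  ip_protocol       = "tcp"
  from_port         = 27017
  to_port           = 27017
  cidr_ipv4         = "0.0.0.0/0"
}

# The Lambda must run inside the VPC to have a security group at all.
resource "aws_lambda_function" "app" {
  function_name = "app-using-mongobetween"
  role          = "arn:aws:iam::000000000000:role/PLACEHOLDER"  # placeholder
  handler       = "index.handler"
  runtime       = "nodejs20.x"
  filename      = "app.zip"                                      # placeholder

  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [aws_security_group.lambda_client.id]
  }
}
```

Two checks worth doing after applying this: confirm the proxy host's group has no other ingress rule (a default "allow all from the VPC" rule would silently undo the restriction), and bind mongobetween to the instance's private address rather than 0.0.0.0 so that the group is not the only thing standing between the proxy and a public interface.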

boredland commented 3 months ago

Sadly we're currently stuck with Vercel, a cloud provider which to my knowledge wraps lambda, but surely does not allow access to anything close to running a container or defining a security group.

Our team in particular has found a solution for now and will likely migrate to a setup where we can indeed securely employ a sidecar with mongobetween. But the broader mongodb community could benefit from this great project anyway.