MongoDB Blog
Announcements, updates, news, and more
Backup MongoDB Enterprise Advanced via Cohesity or Rubrik
In a world where software drives business strategy, data resilience has become a core business imperative. In fact, 90% of IT and security leaders report their organizations experienced a cyberattack in the past year, with 18% facing more than 25 attacks. 1 Every mission-critical workload must be secure, compliant, and able to recover quickly from any disruption.

To help customers meet these demands, MongoDB is introducing a major data resilience enhancement: third-party backup integrations in MongoDB Enterprise Advanced. As the most flexible way to run MongoDB across on-premises, private, or hybrid cloud environments, MongoDB Enterprise Advanced now makes it even easier to integrate with customers’ existing enterprise backup tools. Previously, MongoDB Enterprise Advanced customers relied on our self-hosted database management platform, MongoDB Ops Manager, to handle backup and restore operations. For the first time, MongoDB Ops Manager now supports certified integrations with trusted vendors Cohesity and Rubrik. This enables organizations to unify MongoDB backups with the platforms they already use, streamlining operations and reinforcing existing resilience and compliance strategies.

Streamlined and secure backups for enterprises

As modern applications grow more complex, backup requirements scale alongside them. Enterprises managing multi-terabyte workloads or operating in highly regulated environments often need tailored solutions that match their infrastructure standards and processes. Policies may also require cold storage, where backup snapshots are stored for the long term. Cohesity DataProtect and Rubrik Security Cloud are two trusted solutions for securely backing up large volumes of data and recovering with minimal downtime. While MongoDB Ops Manager offers native backup features, these integrations provide alternatives for customers with specific vendor preferences or compliance mandates without compromising on resilience or speed.

These integrations enable customers to run MongoDB on-premises or in private or hybrid clouds and:

- Reduce complexity by consolidating backup management into existing enterprise tools.
- Streamline recovery using familiar vendor platforms optimized for scale.
- Support compliance through enterprise-grade features like backup immutability and policy enforcement.
- Deliver greater support for sophisticated backup policies, including long-term storage of snapshots.

Easy startup

Getting started with third-party backup integrations for MongoDB Enterprise Advanced is straightforward. While the bulk of the configuration is handled on the backup provider’s side (Cohesity DataProtect or Rubrik Security Cloud), there are a few setup steps within Ops Manager to ensure a successful integration:

- Enabling the integration: Setting a feature flag to enable third-party backup management.
- Generating API keys: Creating global and project-level API keys to enable secure communication with MongoDB Ops Manager.
- Installing MongoDB Agents: Deploying the MongoDB Ops Manager agent on each server in the cluster.
- Setting permissions: Verifying that agents have read/write access to the configured directory.
- Connecting third-party software: Using the generated API keys to integrate with Cohesity DataProtect or Rubrik Security Cloud (see the sketch at the end of this post).
- Synchronizing system clocks: Ensuring consistent timestamps across machines using Network Time Protocol.
- Configuring the oplog export path: Defining a directory for MongoDB to store oplog data.
- Activating monitoring and backup: Turning on both services for each server.
- Marking the deployment as third-party managed: Using the UI or API to flag the cluster.

For detailed setup and integration guidance, refer to the MongoDB Ops Manager documentation, as well as the Cohesity demo and Rubrik demo. With these steps complete, backup operations are managed through the third-party platform—no additional complexity inside MongoDB. For more information on these integrations, check out the announcements from Cohesity and Rubrik.
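The calls your integration actually makes are defined by Cohesity, Rubrik, and the Ops Manager documentation linked above. Purely as an illustration of the API-key step, here is a minimal Java sketch that checks connectivity to the Ops Manager public API (which uses HTTP Digest authentication) by listing the projects visible to a programmatic key. The host, keys, and the choice of Apache HttpClient 4.x are assumptions, not part of the official setup.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class OpsManagerConnectivityCheck {
    public static void main(String[] args) throws Exception {
        // Hypothetical values: replace with your Ops Manager URL and API key pair.
        String baseUrl = "https://opsmanager.example.com:8443";
        String publicKey = "MY_PUBLIC_KEY";   // acts as the username
        String privateKey = "MY_PRIVATE_KEY"; // acts as the password

        // Ops Manager's public API issues an HTTP Digest challenge;
        // Apache HttpClient negotiates it automatically once credentials are registered.
        BasicCredentialsProvider credentials = new BasicCredentialsProvider();
        credentials.setCredentials(AuthScope.ANY,
                new UsernamePasswordCredentials(publicKey, privateKey));

        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultCredentialsProvider(credentials)
                .build()) {
            // List the projects this key can see, as a simple end-to-end check
            // before wiring the key into the third-party backup platform.
            HttpGet request = new HttpGet(baseUrl + "/api/public/v1.0/groups");
            try (CloseableHttpResponse response = client.execute(request)) {
                System.out.println("Status: " + response.getStatusLine().getStatusCode());
                System.out.println(EntityUtils.toString(response.getEntity()));
            }
        }
    }
}
```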
Now in Public Preview: The MongoDB for IntelliJ Plugin
The MongoDB for IntelliJ plugin empowers Java developers to build and ship applications quickly and confidently by enhancing the Database Explorer experience in IntelliJ IDEA. After first announcing the plugin in private preview at .local London in the fall of 2024, we’ve partnered with our friends at JetBrains to release a new and improved experience in public preview. Using the MongoDB for IntelliJ plugin, developers can analyze their application code alongside their database, accelerating query development, validating accuracy, and highlighting anti-patterns with proactive performance insights.

What’s in the MongoDB for IntelliJ plugin?

As part of the public preview, we’re committed to ensuring that the MongoDB for IntelliJ plugin not only meets developers' technical requirements but also paves the way for a seamless developer experience with MongoDB Atlas. The MongoDB for IntelliJ plugin public preview offers developers the following capabilities:

- Field-level autocompletion for Java queries - Auto-suggests field names from MongoDB collections as developers write queries.
- Schema and type validation - Surfaces inline warnings when query values don’t match the expected field type based on the collection schema, and validates that a field exists in your collection’s schema.
- Java query execution in IntelliJ console - Allows developers to test Java queries with a single click without needing to switch tools or translate syntax.
- Proactive anti-pattern detection - Identifies potential performance issues (such as a query missing an index) and provides inline warnings and documentation links.
- Spring and Java driver support - Supports query syntax across popular Java patterns, including the Criteria API and aggregation pipelines.
- Code smarter with your AI - Plugin-generated linting insights help your in-IDE AI assistant detect and resolve code issues.

Figure 1. Code smarter with your AI.

Benefits of using the official MongoDB for IntelliJ plugin

Java development often involves working with complex, evolving data models, making MongoDB’s flexible document model an ideal choice for Java applications' data layer. The plugin provides developers with a unified experience for building with MongoDB directly inside IntelliJ, enabling faster and more focused development. By eliminating the need to switch between IntelliJ and external tools, the plugin streamlines query development and testing workflows. Features like field-level autocomplete and inline schema validation reduce errors before runtime, allowing developers to build and validate MongoDB queries with confidence and speed. Whether writing queries with the MongoDB Java driver, Spring Data, or aggregation pipelines, the plugin provides context-aware suggestions and real-time feedback that accelerate development.

Additionally, the plugin proactively flags common MongoDB query anti-patterns—such as missing indexes or inefficient operators—within your line of code, helping teams catch performance issues before they hit production. With the ability to test queries directly in the IntelliJ MongoDB console and view execution metadata like query plans and durations, the plugin brings performance awareness and code correctness to where developers actually write the code for their applications.

How to get started with the MongoDB for IntelliJ plugin

You can get started using the MongoDB for IntelliJ plugin through the JetBrains marketplace. Questions? Feedback? Please post on our community forums or through UserVoice.
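To give a sense of the driver code these inspections operate on, here is a small, self-contained sketch using the MongoDB Java driver. The connection string, collection, and field names are made up for illustration; the comments describe where the plugin’s autocompletion, type validation, and anti-pattern warnings would apply.

```java
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.Filters;
import org.bson.Document;

public class OrderLookup {
    public static void main(String[] args) {
        // Hypothetical connection string, database, collection, and field names.
        try (MongoClient client = MongoClients.create("mongodb://localhost:27017")) {
            MongoCollection<Document> orders = client
                    .getDatabase("shop")
                    .getCollection("orders");

            // The plugin can autocomplete "status" and "total" from the collection's
            // schema, warn if "total" is compared against a value of the wrong type,
            // and flag the query if no index covers these fields.
            Document firstMatch = orders
                    .find(Filters.and(
                            Filters.eq("status", "SHIPPED"),
                            Filters.gt("total", 100)))
                    .first();

            System.out.println(firstMatch);
        }
    }
}
```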
We value your input as we continue to develop a compelling offering for the Java community.
Introducing Kingfisher: Real-Time Secret Detection and Validation
Foreword from Kingfisher’s developer

As a Staff Security Engineer at MongoDB, I spend a lot of time thinking about how to further harden the environments that our customers rely on to protect their data. Central to that is detecting and managing exposed secrets before they turn into security risks. My role involves using an array of tools, from static code analyzers 1 to secrets managers. 2 However, I have never been fully satisfied with the tools at my disposal.

Frustrated by the performance issues, limited flexibility, and high false positive rates of existing open source secret scanners, I started building my own tool in July 2024. Ten months later, that project became Kingfisher, an open-source secret scanner that goes beyond detection: it also verifies the validity of the secrets it detects. What began as a pet project has grown into a core component of MongoDB’s internal security workflows. Kingfisher now helps MongoDB’s engineering teams rapidly scan and verify secrets across Git repositories, directories, and more. Kingfisher, along with moving to short-term credentials, is our answer to the growing challenges of stolen credentials and credential-stuffing attacks.

I am happy to announce that we are now releasing Kingfisher to the broader community so all developers and security teams can benefit from it. And by releasing Kingfisher as open source, we’re continuing a tradition that goes back to MongoDB’s roots—empowering developers through open, accessible tools.

What is Kingfisher?

Kingfisher is a high-performance, open-source secret scanning tool that combs through code repositories, Git commit histories, and file systems to rapidly uncover hard-coded credentials, API keys, and other sensitive data. It can be used seamlessly across GitHub and GitLab repositories, both remote and local, as well as files and directories on disk, helping security teams quickly catch exposed secrets wherever they live.

However, Kingfisher goes a step beyond traditional secret scanners. Most tools simply flag anything that may look like a secret, which means engineers need to sift through false positives. Kingfisher is different. It actively validates the secrets it detects by testing them against external systems, such as the relevant cloud services or API endpoints. This dynamic approach helps identify which secrets are truly active and, thus, high-risk.

Figure 1. An example of an active AWS secret access key detected and validated by Kingfisher.
Figure 2. An example of an inactive Slack app token discovered and validated by Kingfisher.
Figure 3. An example scan summary produced by Kingfisher showing one active secret and four inactive secrets detected.

Kingfisher is designed for on-premises use, running entirely within the user’s own infrastructure. As a result, discovered secrets never leave the environment or pass through a third-party service. This ensures that developers and security teams retain full control over sensitive data without inheriting a third party’s security posture or introducing yet another external store of credentials. Kingfisher is also cloud-agnostic: it verifies credentials from AWS, Azure, Google Cloud, and any other platform in use. Unlike cloud provider-specific tools that overlook cross-cloud risks, Kingfisher supports security teams’ unified visibility and control, no matter where secrets live.
Built with both performance and security in mind, Kingfisher combines extremely fast pattern matching, source code parsing, entropy analysis, and real-time validation. This all reduces noise to surface only what actually matters. It is designed for practical, real-world use, whether scanning a single repo or integrating it into a larger CI/CD pipeline.

Why MongoDB built Kingfisher

The threat landscape is constantly evolving, and credential-related attacks are on the rise. Stolen credentials are frequently sold on underground markets, and attackers use automated tools to launch credential-stuffing attacks that can lead to unauthorized access and serious data breaches. Traditional secret-scanning tools have not kept up. Such tools often flood teams with false positives, are slow to run, and do not confirm whether a detected secret remains active or dangerous. This means developers and security teams waste time and effort chasing down dead ends while missing actual threats.

Kingfisher was built to solve this challenge. It is fast, lightweight, and designed to detect exposed secrets. It then validates them in real time by checking whether the secret remains active. By cutting through the noise and focusing on active risks, Kingfisher enables teams to respond faster and protect systems effectively.

Kingfisher also helps security teams progress toward higher Supply-chain Levels for Software Artifacts (SLSA) compliance. It does this by supporting secure configuration management through proactive detection and verification of exposed secrets across codebases and repositories. At the foundational level, it supports SLSA’s core requirement of preventing secrets from being embedded in source code. This is one of the most common and critical vulnerabilities in the software supply chain. For organizations targeting SLSA Levels 2 and above, Kingfisher also helps strengthen source code integrity by reducing the risk of malicious or accidental secret exposure, which could compromise the trustworthiness of builds. Secure configuration management is a critical part of achieving higher SLSA levels, and Kingfisher helps teams adopt these best practices by keeping secrets out of source code and managing them securely throughout the development lifecycle.

Figure 4. Runtime chart comparing Kingfisher with two other popular open-source secrets scanning tools.

The runtime chart above presents the results of internal testing conducted by MongoDB engineers. It compares Kingfisher against two other popular open-source secret scanning tools: TruffleHog and GitLeaks. In this comparison, lower runtime values indicate superior performance, underscoring Kingfisher’s balance of speed and robust, real-time secret validation.

How Kingfisher works

Kingfisher is built in Rust, which was chosen for its speed, safety, and concurrency capabilities. Initially inspired by and built on top of a forked version of the Apache 2 licensed "Nosey Parker" code, Kingfisher re-engineers and extends its foundation with modern, high-performance technologies. Kingfisher’s features include:

- Rust-powered performance: Writing Kingfisher in Rust maximizes performance while providing memory safety. This makes it ideal for scanning large codebases without sacrificing reliability.
- High-speed regex matching with Hyperscan: Kingfisher uses Hyperscan to handle complex and high-volume pattern matching. This engine delivers high-speed regular expression matching that enables real-time scanning on the largest code repositories.
- Multi-language source parsing with Tree-sitter: Kingfisher employs Tree-sitter to parse source code accurately across 20+ programming languages. This enables Kingfisher to understand language-specific syntax, reducing false positives and improving detection accuracy.
- Efficient scanning engine: In addition to its advanced parsing and regex capabilities, Kingfisher uses multi-threaded scanning to traverse files, commit histories, and binary blobs. Custom-built rules combine pattern matching with Shannon entropy checks 3, flagging only high-confidence secret exposures.
- Dynamic validation: Once a potential secret is detected, Kingfisher validates it by performing external checks, including testing database connectivity and calling cloud service APIs to confirm whether the secret is active and poses an immediate risk.
- Extensible rulesets: Kingfisher supports a rich set of rules defined in YAML files. These rules describe the patterns and metadata to look for, including confidence levels, examples, and dependency rules, to provide nuanced secret detection and validation.
- Integration ready: Kingfisher is designed to be easily integrated into automated CI/CD pipelines and used in conjunction with GitHub’s secret scanning program. This enhances its role as part of a comprehensive security strategy.

How MongoDB uses Kingfisher internally

At MongoDB, Kingfisher plays a critical role in safeguarding code repositories and internal systems. As part of the company's comprehensive security strategy, Kingfisher is used across various stages of MongoDB’s development and deployment pipeline. This helps secure MongoDB’s codebase and complements our move away from long-lived secrets. Below are four key ways Kingfisher is used at MongoDB:

- Pre-commit scanning: MongoDB developers run Kingfisher locally to catch accidentally hard-coded secrets before they commit code.
- CI/CD integration: Kingfisher is integrated into MongoDB’s continuous integration and deployment (CI/CD) pipelines, automatically ensuring that every build is scanned for potential secret exposure.
- Historical code analysis: Kingfisher scans Git commit histories to identify and remediate legacy exposures in MongoDB’s code repositories.
- Cloud and database validation: Kingfisher automatically tests whether a detected credential is still valid using its dynamic validation capabilities. This allows MongoDB engineers to take immediate action if a secret has been compromised.

Get started with Kingfisher

The development—and now release—of Kingfisher represents a major leap forward in MongoDB’s approach to securing code and infrastructure. More than a tool, it embodies our ongoing commitment to contribute open-source solutions that empower organizations to protect their critical assets against evolving cyber threats. Kingfisher builds on a solid foundation and introduces significant improvements, including:

- Real-time secret validation
- Enhanced accuracy through source code parsing with Tree-sitter
- Over 700 rules for detecting and validating a broader range of secrets
- Cross-platform support for macOS, Linux, and Windows

To learn more about Kingfisher and start using it in your own workflows, visit our GitHub repository for detailed documentation and join the community discussions.

1 Tools that examine source code without executing it to identify potential errors, vulnerabilities, or code quality issues.
2 Tools used to securely store, manage, and access sensitive information like API keys, credentials, and tokens.
3 A method of measuring randomness in a string, often used to identify high-entropy values like passwords or API keys that may indicate a secret.
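Kingfisher’s own entropy logic lives in its Rust codebase and is combined with rules and live validation; the following is only a rough Java sketch of the Shannon entropy heuristic described in footnote 3, showing how a scanner can score how random-looking a candidate string is.

```java
import java.util.HashMap;
import java.util.Map;

public class EntropyCheck {
    // Shannon entropy in bits per character: higher values suggest random-looking
    // strings such as API keys; lower values suggest ordinary words.
    static double shannonEntropy(String s) {
        Map<Character, Integer> counts = new HashMap<>();
        for (char c : s.toCharArray()) {
            counts.merge(c, 1, Integer::sum);
        }
        double entropy = 0.0;
        for (int count : counts.values()) {
            double p = (double) count / s.length();
            entropy -= p * (Math.log(p) / Math.log(2));
        }
        return entropy;
    }

    public static void main(String[] args) {
        // An ordinary word scores low; AWS's documented example access key ID scores higher.
        System.out.println(shannonEntropy("password"));
        System.out.println(shannonEntropy("AKIAIOSFODNN7EXAMPLE"));
    }
}
```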
Digital Receipts: Mining for Customer & Business Insight with MongoDB
Imagine walking out of your favorite store and moments later receiving a personalized recommendation for a matching item, based not only on what you just bought, but your entire purchase history. This level of tailored experience has long been difficult to achieve in brick-and-mortar retail, but that’s changing thanks to digital receipts.

Digital receipts are gaining traction, with Realtimes UK reporting that a quarter of UK retailers now offer them exclusively. In physical stores, traditional paper receipts represent missed opportunities: static, one-time records that serve little purpose beyond proof of purchase. In contrast, digital receipts unlock a dynamic stream of customer insights, which are a gateway to AI-powered personalization, enabling retailers to transform sales data into timely, relevant recommendations. Retailers are also seeing greater adoption of their customer loyalty apps by embedding features like digital receipts and personalized offers, giving shoppers more reasons to engage after leaving the store.

Retailers are increasingly investing in digital receipts, and MongoDB enables them to digitize in-store transactions, understand shopper behavior, and deliver personalized product suggestions immediately after checkout. With MongoDB’s flexible document model, retailers can efficiently store and analyze rich transactional data, powering real-time personalization and adaptive customer experiences. It’s a smarter, data-driven approach to customer engagement, built for the physical retail world.

The challenge in capturing the in-store customer journey

Personalized shopping experiences are a proven driver of customer loyalty and revenue, but to deliver them effectively, retailers need a complete view of each customer’s journey. For retailers who have a brick-and-mortar presence, that’s where the gap lies. Today, many retailers are making personalization decisions based on incomplete data. While loyalty programs and customer profiles may capture some purchase history, in-store transactions often go unrecorded or take too long to turn into actionable insights. Paper receipts dominate the checkout process, and without a digital trail, these interactions are lost to the retailer’s systems. This means that even a highly engaged, in-store shopper may appear invisible when it comes to targeting and recommendations.

The impact of this is twofold. First, it limits the retailer’s ability to offer relevant product suggestions, personalized promotions, or timely follow-ups, missing key opportunities to increase basket size and repeat visits. Second, it affects the customer experience, particularly in the retailer’s mobile app. Shoppers who frequent physical stores often find that their app doesn’t reflect their recent purchases or preferences, making it feel disconnected and less useful.

By digitizing receipts, retailers can close this gap. Every in-store purchase becomes a rich source of insight, directly tied to the customer profile. This enables more accurate, real-time personalization, both right after checkout and in future interactions. It also adds meaningful value to the retailer’s mobile app: customers see their full purchase history, receive smarter recommendations, and access personalized offers that feel relevant. The business impact is significant: better personalization drives more revenue, while a more engaging app experience leads to higher adoption, increased usage, and stronger loyalty.
Getting the most out of day-to-day data: Building a digital receipt solution

Retailers aiming to enhance personalization must first digitize in-store transactional data, particularly the information generated at checkout from point-of-sale (POS) systems. However, the majority of existing POS systems have fixed, non-changeable data formats, designed primarily for payment processing. These systems often vary across store locations, lack integration with customer profiles, and don't support rapid data access.

To address these challenges, retailers should centralize transaction data from all stores into a consistent and accessible format. Ensuring each purchase is reliably linked to a customer identity, through loyalty sign-ins or digital prompts, and storing that information in a manner that supports immediate, personalized engagement is crucial. Integration with POS systems is essential, allowing retailers to capture transaction data instantly and store it.

A flexible document model (like MongoDB’s) stores structured, unstructured, and AI-ready data in one format, making it ideal for managing complex customer profiles and purchase histories. It captures detailed transaction data, including items, prices, context, and nested information like product attributes, preferences, and loyalty activity, all within a single document.

Figure 1. MongoDB’s document model contains the data used to render the digital receipts. This image shows how MongoDB's document model supports digital receipts by instantly ingesting all receipt details. It features a MongoDB document (left) containing both purchased product information and personalized recommendations, and the digital receipt as a PDF (right).

The document model also makes the data instantly usable for personalization engines and AI models, without the need for heavy transformation or complex joins across multiple systems. Should the retailer have several different brands or types of POS systems whose data arrives in different formats, the flexible document model allows them to be combined more easily, including fast onboarding if new types are introduced. Seamless integration allows connectivity with existing POS systems and third-party analytics tools, reducing friction in adoption. MongoDB enables this through features like real-time data ingestion with change streams, flexible data connectors for systems like Kafka, and an API-driven approach that supports REST. Combined with MongoDB Atlas’s multi-cloud deployment support, retailers can connect and scale across diverse infrastructures without needing to re-architect their existing systems.

Retailers can surface digital receipts directly in the customer-facing app, enhancing the post-purchase experience. Shoppers gain instant access to their full purchase history, enabling features like receipt lookups, easy reorders, warranty tracking, and personalized product suggestions. This drives more app adoption and keeps customers engaged beyond the store visit. To support this experience at scale, retailers need an architecture that can handle high volumes of receipt data from numerous store locations. MongoDB Atlas supports this through horizontal scalability and workload isolation, ensuring operational workloads like customer app interactions remain fast and reliable as data grows. Some retailers optimize storage by keeping receipt metadata in MongoDB while storing the full receipt in an object store like Azure Blob Storage or Google Cloud Storage, enabling a cost-effective approach.

Figure 2. Architecture diagram showing the Digital Receipts components.

MongoDB’s ability to serve real-time queries with low latency ensures that every tap or search in the app feels instant, helping reinforce customer trust and satisfaction. This makes the app not just a digital companion but a key driver of loyalty and repeat visits. By making digital receipts easily accessible in the app, alongside personalized recommendations and seamless post-purchase interactions, retailers create a more engaging and convenient experience that keeps customers coming back. Increased app adoption leads to more touchpoints, better data collection, and more opportunities to upsell or cross-sell, ultimately boosting revenue and retention.

A notable example of a retailer leveraging MongoDB for digital receipts is Albert Heijn, the largest supermarket chain in the Netherlands. By utilizing MongoDB Atlas, Albert Heijn developed a digital receipts feature within their customer-facing app, providing shoppers with real-time and historical insights into their in-store purchases. This adoption of MongoDB Atlas led to annual savings of 25%, improved developer productivity, and a more efficient customer experience.

Retailers use digital receipt data to improve personalized recommendations by combining purchase history, preferences, and behavior. Digitized receipts enable tracking of items, frequency, and context, allowing real-time linking of in-store purchases to customer profiles for more accurate, timely offers.

Figure 3. Diagram showing the Digital Receipts process flow. The image illustrates the digital receipts process: 1. A customer makes a purchase in-store, 2. receives a digital receipt via email or SMS, 3. verifies it through an app, 4. accesses purchase history and personalized recommendations, and 5. can repurchase items through the app.

Using MongoDB’s aggregation pipelines and change streams, retailers can process data efficiently and enable AI-driven personalization immediately after checkout. This streamlined handling of structured and unstructured receipt data supports rapid analysis of customer preferences and purchasing patterns. MongoDB's workload isolation ensures that analytical processes do not impact the performance of customer-facing applications, maintaining a seamless user experience. Retailers can enhance customer engagement by leveraging this data to offer personalized promotions, loyalty rewards, and cross-selling opportunities.

Ready to embrace digital receipts?

Digital receipts are reshaping how brick-and-mortar retailers unlock customer insights and deliver AI-driven personalization. With MongoDB Atlas, retailers can instantly analyze transactional data, customer preferences, and purchase history within a flexible document model, powering real-time, tailored recommendations that increase basket size, drive repeat purchases, and boost conversions. Beyond personalization, digital receipts reduce printing costs and support sustainability by eliminating paper waste, while offering customers a convenient, app-based way to access and search past purchases.

The real value lies in the data: by capturing rich, real-time insights from every in-store transaction, retailers can unify physical and digital touchpoints, improving customer engagement and business agility. MongoDB’s scalable architecture and real-time processing empower retailers to adapt quickly to changing behavior and deliver seamless, data-driven experiences. Now is the time to modernize your customer engagement strategy.
Digital receipts aren’t just a convenience; they’re a competitive advantage! Discover how MongoDB Atlas can help you deliver seamless customer experiences across all channels through our solutions page.
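To make the ingestion-and-reaction pattern described above more concrete, here is a hedged sketch using the MongoDB Java driver: a digital receipt stored as a single document, plus a change stream a personalization service could consume. The connection string, namespace, and field names are illustrative only, and change streams require a replica set or an Atlas cluster.

```java
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.changestream.ChangeStreamDocument;
import org.bson.Document;

import java.time.Instant;
import java.util.Arrays;

public class ReceiptIngest {
    public static void main(String[] args) {
        // Hypothetical Atlas connection string and namespace.
        try (MongoClient client = MongoClients.create("mongodb+srv://cluster.example.mongodb.net")) {
            MongoCollection<Document> receipts = client
                    .getDatabase("retail")
                    .getCollection("receipts");

            // A digital receipt as a single document: line items, loyalty link,
            // and store context live together, ready for later analysis.
            Document receipt = new Document("customerId", "cust-123")
                    .append("storeId", "store-042")
                    .append("purchasedAt", Instant.now().toString())
                    .append("items", Arrays.asList(
                            new Document("sku", "TSHIRT-BLUE-M").append("price", 19.99),
                            new Document("sku", "JEANS-32").append("price", 49.50)));
            receipts.insertOne(receipt);

            // A change stream lets a personalization service react to each new
            // receipt as soon as it is written, without polling the collection.
            for (ChangeStreamDocument<Document> change : receipts.watch()) {
                System.out.println("New receipt event: " + change.getFullDocument());
            }
        }
    }
}
```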
PointHealth AI: Scaling Precision Medicine for Millions
For years, the healthcare industry has grappled with a persistent, frustrating challenge: the absence of a unified, precise approach to patient treatment. Patients often endure "trial-and-error prescribing," leading to delayed recovery and a system bogged down by inefficiency. The core problem lies in scaling precision medicine—making advanced, individualized care accessible to millions of people. This was the big obstacle that Rachel Gollub, CTO and co-founder of the VC-backed startup PointHealth AI, set out to overcome. With a vision to integrate precision medicine into mainstream healthcare, Gollub and her team are transforming how care is delivered, a mission significantly bolstered by their pivotal partnership with MongoDB.

Uncovering the gaps in healthcare treatment decisions

Over a decade working within the insurance industry, Gollub and her co-founder, Joe Waggoner, observed a frustrating reality: persistent gaps in how treatment decisions were made. This wasn't just about inefficiency; it directly impacted patients, who often experienced "trial-and-error prescribing" that delayed their recovery. As Gollub states, they witnessed "the frustrating gaps in treatment decision-making." It motivated them to seek a better solution. The fundamental challenge they faced was scaling precision medicine. How could something so powerful be made accessible to millions rather than just a select few hundred? The biggest obstacle wasn't solely about the technology itself; it was about seamlessly integrating that technology into existing healthcare workflows.

How PointHealth AI eliminates treatment guesswork

PointHealth AI's approach involves a proprietary AI reinforcement learning model. This system analyzes a range of data, including similar patient cases, detailed medical histories, drug interactions, and pharmacogenomic insights. When a physician enters a diagnosis into their health record system, PointHealth AI generates a comprehensive patient report. This report offers tailored treatments, actionable insights, and clinical considerations, all designed to guide decision-making.

Gollub explains the company’s mission: "to integrate precision medicine into mainstream healthcare, ensuring every diagnosis leads to the right treatment from the start." Its focus is on "eliminating guesswork and optimizing care from the very first prescription." The objective is "to deliver personalized, data-driven treatment recommendations." Its strategy for implementation involves direct partnerships with insurance companies and employers. By embedding its technology directly into these healthcare workflows, PointHealth AI aims to ensure widespread accessibility across the entire system. It’s also collaborating with health systems, electronic health record (EHR) companies, and other insurers.

The natural choice: Why PointHealth AI chose MongoDB Atlas

A significant enabler of this progress has been PointHealth AI's partnership with MongoDB. Gollub's prior experience with both self-hosted and managed MongoDB provided confidence in its performance and reliability. MongoDB Atlas was a "natural choice" when selecting a data platform for PointHealth AI. It offered the features the team was looking for, including vector search, text search, and managed scalability. The provision of Atlas credits also swayed the decision. PointHealth AI had specific requirements for its data platform. It needed "high security, HIPAA compliance, auto-scaling, fast throughput, and powerful search capabilities."
The fact that MongoDB Atlas provided these features within a single, managed solution was huge. MongoDB Atlas ensures seamless backups and uptime through its managed database infrastructure. Its vector and text search capabilities are critical for effectively training AI models. The scaling experience has been "seamless," according to Gollub. The MongoDB team has offered "invaluable guidance in architecting a scalable system." This support has enabled PointHealth AI to optimize for performance while remaining on budget. Gollub emphasizes that "HIPAA compliance, scalability, expert support, and advisory sessions have all played critical roles in shaping our infrastructure."

The MongoDB for Startups program has proven impactful. The "free technical advisor sessions provided a clear roadmap for our database architecture." The Atlas credits offered flexibility, allowing the team to "fine-tune our approach without financial strain." Furthermore, the "invaluable expert recommendations and troubleshooting support from the MongoDB advisor team" have been a vital resource. Gollub extends a "huge thank you to the MongoDB Atlas team for their support in building and scaling our system, and handling such an unusual use case."

From pilots to Series A: PointHealth AI's next steps

Looking forward, PointHealth AI has an ambitious roadmap for the current year. Its focus includes launching pilot installations and expanding partnerships with insurance and EHR companies. It’s also dedicated to refining its AI model to support a wider range of health conditions beyond depression. The overarching goal is to bring "precision-driven treatment recommendations to physicians and patients." The aim, Gollub said, is to "launch successful pilots, acquire new customers, and complete our Series A round."

As Gollub states, "Precision medicine isn’t the future—it’s now." The team possesses the technology to deliver targeted treatment options, aiming to ensure patients receive the correct care from the outset. Their vision is to shape a healthcare system where personalized treatments are the standard.

Visit PointHealth AI to learn more about how this innovative startup is making advanced, individualized care accessible to millions. Join the MongoDB for Startups program to start building faster and scaling further with MongoDB!
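PointHealth AI's pipelines are not public, so the following is only a generic illustration of the Atlas Vector Search capability mentioned above: a $vectorSearch aggregation stage issued from the MongoDB Java driver. The index name, field names, and embedding values are hypothetical, and a real query vector would come from an embedding model.

```java
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import org.bson.Document;

import java.util.List;

public class TreatmentSearch {
    public static void main(String[] args) {
        // Hypothetical cluster URI, namespace, index, and embedding values.
        try (MongoClient client = MongoClients.create("mongodb+srv://cluster.example.mongodb.net")) {
            MongoCollection<Document> treatments = client
                    .getDatabase("pointhealth")
                    .getCollection("treatments");

            List<Double> queryEmbedding = List.of(0.12, -0.03, 0.88); // stand-in vector

            List<Document> pipeline = List.of(
                    // Atlas Vector Search stage: find the treatments whose stored
                    // embeddings are closest to the query vector.
                    new Document("$vectorSearch", new Document("index", "treatment_vector_index")
                            .append("path", "embedding")
                            .append("queryVector", queryEmbedding)
                            .append("numCandidates", 100)
                            .append("limit", 5)),
                    // Keep only the fields the application needs, plus the similarity score.
                    new Document("$project", new Document("treatment", 1)
                            .append("score", new Document("$meta", "vectorSearchScore"))));

            treatments.aggregate(pipeline).forEach(doc -> System.out.println(doc.toJson()));
        }
    }
}
```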
What I Wish I’d Known Before Becoming a Solutions Architect
My journey to becoming a solutions architect (SA) has been anything but straightforward. After working as an engineer in telecom, receiving my PhD in computer science, and spending time in the energy efficiency and finance industries, I joined MongoDB to work at the intersection of AI and data solutions, guiding enterprises to success with MongoDB’s flexible, scalable database platform. It’s a role that requires having both deep technical knowledge and business acumen, and while the nature of the SA role has evolved over time, one thing has remained constant: the need to understand people, their problems, and how the technology we use can solve them. As I reflect on my career journey, here are some key lessons I’ve learned about being an SA—and things I wish I’d known when I first started.

1. Influence comes from understanding

In my earlier roles, I thought that presenting clients with a perfect technical solution was the key to success. However, I quickly learned that being a successful solutions architect requires much more than technical excellence. Instead, the solutions that you offer need to be aligned with customers’ business needs. You also need to understand the underlying challenges driving the conversation. In my role, I frequently work with clients facing complex data challenges, whether in real-time analytics, scaling operations, or AI applications. The first step is always understanding their business goals and technical pain points, which is more important than simply proposing the “best” solution. By stepping back and listening, you can not only better design a solution that addresses their needs but also gain their trust. I’ve found that the more I understand the context, the better I can guide clients through the complexities of data architecture—whether they're building on MongoDB Atlas, optimizing for performance, or leveraging our data products to drive innovation.

What I wish I’d known: Influence doesn’t come from showing how much you know—it comes from showing how much you understand. Listening is your most powerful design tool.

2. Building champions drives success

You can build the most scalable, secure, and elegant system in the world — but if it doesn’t align with stakeholder priorities, it will stall. In reality, architecture is rarely a purely technical exercise. Success depends on alignment with a diverse set of stakeholders, each with their own priorities. Whether you're collaborating with engineering teams, product managers, security specialists, or leadership, the key to success is to engage everyone early and often. Stakeholders are not just passive recipients of your solution; they are active participants who co-own the outcome. In many cases, your design will be shaped by their feedback, and finding a champion within the organization can make all the difference. This champion—whether from the technical side or the business side—will help advocate for your solution internally, align the team, and overcome any resistance. This is particularly important for MongoDB SAs because we’re often addressing diverse needs, from data privacy concerns to performance scalability. Building a strong internal advocate ensures that your design gains the necessary momentum and credibility within the client’s organization.

What I wish I’d known: Success doesn’t come from being right—it comes from being aligned. Influence is earned through empathy, clarity, and trust.
As a solutions architect, your greatest value is not just in solving technical problems—it’s in helping diverse teams pull in the same direction. And nothing accelerates that more than having a strong, trusted internal champion on your side.

3. Winning deals requires teamwork

At MongoDB, we’re not just selling a product—we’re selling a solution. Winning deals involves close collaboration with Sales, Engineering, and Client Services. The most successful deals come when the entire team is aligned, from understanding the customer’s unique needs to crafting a solution that fits their long-term goals. You want to win? Here’s what that actually looks like:

- You prep with sales like it’s a final exam. Know the account history, know the politics, know what was promised six months ago that never landed. Be the person who connects past pain to future value.
- You do dry runs and anticipate the tough questions. Then you hand those questions to someone else on your team who can knock them out of the park. That’s trust.
- You turn strategy decks into conversations. A flashy diagram is great, but asking “Does this actually solve the headache you told us about last week?” — that’s where momentum starts.
- You loop in Professional Services early to pressure-test feasibility.
- You loop in CSMs to ask, “If we win this, what does success look like a year from now?”
- You help sales write the follow-up — not just with a thank-you, but with a crisp summary of what we heard, what we proposed, and what comes next. You make the path forward obvious.

One of the most valuable lessons I’ve learned is that winning a deal doesn’t rely solely on delivering a flawless demo. It’s the little things that matter—anticipating questions, making quick adjustments based on client feedback, and being agile in your communication. Being part of a unified team that works seamlessly together is the key to winning deals and ensuring client success.

What I wish I’d known: Winning a deal is a series of micro-decisions made together, not a solo act. Great architecture doesn’t close a deal—great alignment does. Your best asset isn’t the system you design—it’s the trust you build with your team and the confidence you project to your client that we’ve got this. Together.

4. You don’t have to know everything

When I first transitioned into this role, I felt the pressure to master every piece of the tech stack—especially at MongoDB, where our solutions touch on everything from cloud data platforms to AI, real-time data processing, and beyond. It was overwhelming to think that I needed to be an expert in all of it. But here’s the truth: As a solutions architect, your real value lies not in knowing every detail, but in understanding how the pieces fit together. You don’t need to be the deepest expert in each technology—what’s important is knowing how MongoDB’s platform integrates with client needs and when to bring in the right specialists. The role is about connecting the dots, asking the right questions, and collaborating across teams. The more you embrace curiosity and rely on your colleagues, the better your solutions will be.

What I wish I’d known: Mastery isn’t about knowing all the answers. It’s about knowing which questions to ask, and who to ask them to. Focus on principles, patterns, and clarity. Let go of the pressure to be the smartest person at the table—you’re there to make the table work better together. Curiosity is your compass, and collaboration is your fuel.
5. Architecture lives beyond the diagram

When most people think of a solutions architect, they picture designing systems, building technical architectures, and drawing elegant diagrams. While that’s part of the job, the true value lies in how well those designs are communicated, understood, and adopted by the client. Specifically, your architecture needs to work in real-world scenarios. You’re not just drawing idealized diagrams on a whiteboard—you’re helping clients translate those ideas into actionable steps. That means clear communication, whether through shared documentation, interactive walkthroughs, or concise explanations. Understanding your client’s needs and constraints is just as important as the technical design itself. And when it comes to sizing and scaling, MongoDB’s flexibility makes it easy to adapt and grow as the business evolves.

What I wish I knew: Architecture doesn’t end at the diagram—it begins there. The real value is realized in how well the design is communicated, contextualized, sized, and adopted. Use whatever format helps people get it. And before you document the system, understand the system of people and infrastructure you’re building it for.

6. It’s not just about data

Data may be the foundation of my work as a solutions architect, but the real magic happens when you connect with people. Being a great architect means being a great communicator, listener, and facilitator. You’ll frequently find yourself between business leaders seeking faster insights and developers looking for the right data model. Translating these needs and building consensus is a big part of the role. The solutions we design are only valuable if they meet the diverse needs of the client’s teams. Whether it’s simplifying data operations, optimizing query performance, or enabling AI-driven insights, your ability to connect with stakeholders and address their unique challenges is key. Emotional intelligence, empathy, and collaboration are essential.

What I wish I’d known: Being a great architect means being a great communicator, listener, and facilitator. Emotional intelligence is your secret weapon. The more time you invest in understanding your stakeholders’ pain points, motivations, and language, the more successful your architecture will be—because people will actually use it.

7. The job is constantly evolving and so are you

The field of data architecture is rapidly evolving, and MongoDB is at the forefront of this change. From cloud migrations to AI-driven data products, the technology landscape is always shifting. As a solutions architect, you have to be adaptable and prepared for the next big change. At MongoDB, we work with cutting-edge technologies and constantly adapt to new trends, whether it’s AI, machine learning, or serverless computing. The key is to embrace change and continuously learn. The more you stay curious and open to new ideas, the more you’ll grow in your role and your ability to drive client success. As MongoDB continues to innovate, the learning curve is steep, but that’s what keeps the job exciting.

What I wish I knew: You don’t “arrive” as a solutions architect—you evolve. And that evolution doesn’t stop. But everything you learn builds on itself. No effort is wasted. Every challenge adds depth. Every mistake adds clarity. The technologies may change, but the thinking compounds—and that’s what makes you valuable over the long run.
It’s not just a role–it’s a journey

Reflecting on my path to becoming a solutions architect at MongoDB, I realize that the journey is far from linear. From network protocols to financial systems and AI-driven data solutions, each role added a new layer to my experience. Becoming a solutions architect didn’t mean leaving behind my past—it meant integrating it into a broader perspective. At MongoDB, every day brings new challenges and opportunities. Whether you’re designing a solution for a global enterprise or helping a startup scale their data operations, the core of the job remains the same: solving problems, connecting people, and helping others succeed. And as you grow in the role, you’ll find that the most powerful thing you bring to the table isn’t just your expertise—it’s your ability to keep learning, to show up with intention, and to simplify complexity for everyone around you.

To anyone stepping into this role at MongoDB: welcome. The journey is just beginning! Join our talent community for the latest MongoDB culture and careers content.
Navigating the AI Revolution: The Importance of Adaptation
In 1999, Steve Ballmer gave a famous speech in which he said that the “key to industry transformation, the key to success is developers developers developers developers developers developers developers, developers developers developers developers developers developers developers! Yes!” A similar mantra applies when discussing how to succeed with AI: adaptation, adaptation, adaptation!

Artificial intelligence has already begun to transform how we work and live, and the changes AI is bringing to the world will only accelerate. Businesses rely ever more heavily on software to run and execute their strategies. So, to keep up with competitors, their processes and products must deliver what end-users increasingly expect: speed, ease of use, personalization—and, of course, AI features. Delivering all of these things (and doing so well) requires having the right tech stack and software foundation in place and then successfully executing. To better understand the challenges organizations adopting AI face, MongoDB and Capgemini recently worked with the research organization TDWI to assess the state of AI readiness across industries.

The road ahead

Based on a survey “representing a diverse mix of industries and company sizes,” TDWI’s “The State of Data and Operational Readiness for AI” contains lots of super interesting findings. One I found particularly compelling is the percentage of companies with AI apps in production: businesses largely recognize the potential AI holds, but only 11% of survey respondents indicated that they had AI applications in production. Still only 11%!

"We’re well past the days of exploring whether AI is relevant. Now, every organization sees the value. The question is no longer ‘if’ but ‘how fast and how effectively’ they can scale it."
Mark Oost, VP, AI and Generative AI Group Offer Leader, Capgemini

There’s clearly work to be done; data readiness challenges highlighted in the report include managing diverse data types, ensuring accessibility, and providing sufficient compute power. Less than half (39%) of companies surveyed manage newer data formats, and only 41% feel they have enough compute. The report also shows how much AI has changed the very definition of software, and how software is developed and managed. Specifically, AI applications continuously adapt, and they learn and respond to end-user behavior in real-time; they can also autonomously make decisions and execute tasks. All of which depends on having a solid, flexible software foundation. Because the agility and adaptability of software are intrinsically linked to the data infrastructure upon which it's built, rigid legacy systems cannot keep pace with the demands of AI-driven change. So modern database solutions (like, ahem, MongoDB)—built with change in mind—are an essential part of a successful AI technology stack.

Keeping up with change

The tech stack can be said to comprise three layers: at the “top,” the interface or user experience layer; then the business logic layer; and a data foundation at the bottom. With AI, the same layers are there, but they’ve evolved: Unlike traditional software applications, AI applications are dynamic. Because AI-enriched software can reason and learn, the demands placed on the stack have changed. For example, AI-powered experiences include natural language interfaces, augmented reality, and those that anticipate user needs by learning from other interactions (and from data).
In contrast, traditional software is largely static: it requires inputs or events to execute tasks, and its logic is limited by pre-defined rules. A database underpinning AI software must, therefore, be flexible and adaptable, and able to handle all types of data; it must enable high-quality data retrieval; it must respond instantly to new information; and it has to deliver the core requirements of all data solutions: security, resilience, scalability, and performance. So, to take action and generate trustworthy, reliable responses, AI-powered software needs access to up-to-date, context-rich data. Without the right data foundation in place, even the most robust AI strategy will fail.

Figure 1. The frequency of change across eras of technology.

Keeping up with AI can be head-spinning, both because of the many players in the space (the number of AI startups has jumped sharply since 2022, when ChatGPT was first released 1 ), and because of the accelerating pace of AI capabilities. Organizations that want to stay ahead must evolve faster than ever. As the figure above dramatically illustrates, this sort of adaptability is essential for survival.

Execution, execution, execution

But AI success requires more than just the right technology: expert execution is critical. Put another way, the difference between success and failure when adapting to any paradigm shift isn’t just having the right tools; it’s knowing how to wield those tools. So, while others experiment, MongoDB has been delivering real-world successes, helping organizations modernize their architectures for the AI era, and building AI applications with speed and confidence.

For example, MongoDB teamed up with the Swiss bank Lombard Odier to modernize its banking tech systems. We worked with the bank to create customizable generative AI tooling, including scripts and prompts tailored for the bank’s unique tech stack, which accelerated its modernization by automating integration testing and code generation for seamless deployment. And, after Victoria’s Secret transformed its database architecture with MongoDB Atlas, the company used MongoDB Atlas Vector Search to power an AI-powered visual search system that makes targeted recommendations and helps customers find products.

Another way MongoDB helps organizations succeed with AI is by offering access to both technology partners and professional services expertise. For example, MongoDB has integrations with companies across the AI landscape—including leading tech companies (AWS, Google Cloud, Microsoft), system integrators (Capgemini), and innovators like Anthropic, LangChain, and Together AI.

Adapt (or else)

In the AI era, what organizations need to do is abundantly clear: modernize and adapt, or risk being left behind. Just look at the history of smartphones, which have had an outsized impact on business and communication. For example, in its Q4 2007 report (which came out a few months after the first iPhone’s release), Apple reported earnings of $6.22 billion, of which iPhone sales comprised less than 2% 2 ; in Q1 2025, the company reported earnings of $124.3 billion, of which 56% was iPhone sales. 3 The mobile application market is now estimated to be in the hundreds of billions of dollars, and there are more smartphones than there are people in the world. 4 The rise of smartphones has also led to a huge increase in the number of people globally who use the internet. 5 However, saying “you need to adapt!” is much easier said than done.
TDWI’s research, therefore, is both important and useful—it offers companies a roadmap for the future, and helps them answer their most pressing questions as they confront the rise of AI. Click here to read the full TDWI report. To learn more about how MongoDB can help you create transformative, AI-powered experiences, check out MongoDB for Artificial Intelligence.

P.S. ICYMI, here’s Steve Ballmer’s famous “developers!” speech.

1 https://ourworldindata.org/grapher/newly-funded-artificial-intelligence-companies
2 https://www.apple.com/newsroom/2007/10/22Apple-Reports-Fourth-Quarter-Results/
3 https://www.apple.com/newsroom/pdfs/fy2025-q1/FY25_Q1_Consolidated_Financial_Statements.pdf
4 https://www.weforum.org/stories/2023/04/charted-there-are-more-phones-than-people-in-the-world/
5 https://ourworldindata.org/grapher/number-of-internet-users
Luna AI and MongoDB Throw Lifeline to Product Teams
Product and engineering leaders face a constant battle: making crucial real-time decisions amidst a sea of fragmented, reactive, and disconnected progress data. The old ways—chasing updates, endlessly pinging teams on Slack, digging through Jira, and enduring endless status meetings—simply aren't cutting it. This struggle leaves product and engineering leads wasting precious hours on manual updates, while critical risks silently slip through the cracks. This crucial challenge is precisely what Luna AI, powered by its robust partnership with MongoDB, is designed to overcome.

Introducing Luna AI: Your intelligent program manager

Luna AI was founded to tackle this exact problem, empowering product and engineering leaders with the visibility and context they need, without burying their PMs in busy work. Imagine having an AI program manager dedicated to giving you clear insights into goals, roadmap ROI, initiative progress, and potential risks throughout the entire product lifecycle. Luna AI makes this a reality by intelligently summarizing data from your existing tools like Jira and Slack. It can even automatically generate launch and objective and key result (OKR) status updates, create your roadmap, and analyze your Jira sprints, drastically reducing the need for manual busywork.

From concept to command center: The evolution of Luna AI

Luna AI’s co-founder, Paul Debahy, a seasoned product leader with experience at Google, personally felt the pain of fragmented data during his time as a CPO. Inspired by Google's internal LaunchCal, which provided visibility into upcoming launches, Luna AI initially began as a launch management tool. However, a key realization quickly emerged: customers primarily needed help "managing up." This insight led to a pivotal shift, focusing Luna AI on vertical management—communicating status, linking execution to strategy, and empowering leaders, especially product leaders, to drive decisions.

Today, Luna AI has evolved into a sophisticated AI-driven insights platform. Deep Jira integration and advanced LLM modules have transformed it from a simple tracker into a strategic visibility layer. Luna AI now provides essential capabilities like OKR tracking, risk detection, resource and cost analysis, and smart status summaries. Luna AI believes product leadership is increasingly strategic, aiming to be the system of record for outcomes, not just tasks. Its mission: to be everyone’s AI program manager, delivering critical strategy and execution insights for smarter decision-making.

The power under the hood: Building with MongoDB Atlas

Luna AI’s robust technology stack includes Node.js, Angular, and the latest AI/LLM models. Its infrastructure leverages Google Cloud and, crucially, MongoDB Atlas as its primary database. When selecting a data platform, Luna AI prioritized flexibility, rapid iteration, scalability, and security. Given the dynamic, semi-structured data ingested from diverse sources like Jira, Slack, and even meeting notes, a platform that could handle this complexity was essential. Key requirements included seamless tenant separation, robust encryption, and minimal operational overhead. MongoDB proved to be the perfect fit for several reasons. The developer-friendly experience was a major factor, as was the flexible schema of its document database, which naturally accommodated Luna AI’s complex and evolving data model.
This flexibility was vital for tracking diverse information such as Jira issues, OKRs, AI summaries, and Slack insights, enabling quick adaptation and iteration. MongoDB also offered effortless support for the startup's multi-tenant architecture. Scaling with MongoDB Atlas has been smooth and fast, according to Luna AI. Atlas scaled effortlessly as the company added features and onboarded workspaces ranging from startups to enterprises. The monitoring dashboard has been invaluable, offering insights that helped identify performance bottlenecks early. In fact, index suggestions from the dashboard led directly to significant speed improvements. Debahy even remarked, "Atlas's built-in insights make it feel like we have a DB ops engineer on the team." Luna AI relies heavily on Atlas's global clusters and automated scaling. The monitoring and alerting features provide crucial peace of mind, especially during launches or data-intensive tasks like Jira AI epic and sprint summarization. The monitoring dashboard was instrumental in resolving high-latency collections by recommending the right indexes. Atlas backups are simple, fast, and reliable, with painless restores. Migrating from serverless to dedicated instances was seamless and downtime-free. Dedicated multi-tenant support allows for unlimited, isolated databases per customer. Auto-scaling is plug-and-play, with Atlas handling scaling across all environments. Security features like data-at-rest encryption and easy per-environment access restriction management are also vital benefits. The support team has consistently been quick, responsive, and proactive.
A game-changer for startups: The MongoDB for Startups program
Operating on a tight budget as a bootstrapped and angel-funded startup, Luna AI found the MongoDB for Startups program to be a true game changer. It stands out as one of the most founder-friendly programs the company has encountered. The Atlas credits completely covered the database costs, empowering the team to test, experiment, and even make mistakes without financial pressure. This freedom allowed them to scale without worrying about database expenses or meticulously tracking every compute and resource expenditure. Access to technical advisors and support was equally crucial, helping Luna AI swiftly resolve issues ranging from load management to architectural decisions and aiding in designing a robust data model from the outset. The program also opened doors to a valuable startup community, fostering connections and feedback.
Luna AI's vision: The future of product leadership
Looking ahead, Luna AI is focused on two key areas:
Building a smarter, more contextual insights layer for strategy and execution.
Creating a stakeholder visibility layer that requires no busy work from product managers.
Upcoming improvements include predictive risk alerts spanning Jira, Slack, and meeting notes. The team is also developing ROI-based roadmap planning and prioritization, smart AI executive status updates, deeper OKR traceability, and ROI-driven tradeoff analysis. Luna AI firmly believes that the role of product leadership is becoming increasingly strategic. With the support of programs like MongoDB for Startups, the team is excited to build a future where Luna AI is the definitive system of record for outcomes. Ready to empower your product team? Discover how Luna AI helps product teams thrive. Join the MongoDB for Startups program to start building faster and scaling further with MongoDB!
Mongoose Now Natively Supports QE and CSFLE
Mongoose 8.15.0 has been released, adding support for the industry-leading encryption solutions available from MongoDB. With this update, it's simpler than ever to create documents leveraging MongoDB Queryable Encryption (QE) and Client-Side Field Level Encryption (CSFLE), keeping your data secure while it is in use. Read on to learn more about approaches to encrypting your data when building with MongoDB and Mongoose.
What is Mongoose?
Mongoose is a library that enables elegant object modeling for Node.js applications working with MongoDB. Similar to an Object-Relational Mapper (ORM), the Mongoose Object Document Mapper (ODM) simplifies programmatic data interaction through schemas and models. It allows developers to define data structures with validation and provides a rich API for CRUD operations, abstracting away many of the complexities of the underlying MongoDB driver. This integration enhances productivity by enabling developers to work with JavaScript objects instead of raw database queries, making it easier to manage data relationships and enforce data integrity.
What are QE and CSFLE?
Securing sensitive data is paramount. It must be protected at every stage: in transit, at rest, and in use. However, implementing in-use encryption can be complex. MongoDB offers two approaches to make it easier: Queryable Encryption (QE) and Client-Side Field Level Encryption (CSFLE). QE allows customers to encrypt sensitive application data, store it securely in an encrypted state in the MongoDB database, and perform equality and range queries directly on the encrypted data. An industry-first innovation, QE eliminates the need for costly custom encryption solutions, complex third-party tools, or specialized cryptography knowledge. It employs a unique structured encryption schema, developed by the MongoDB Cryptography Research Group, that simplifies the encryption of sensitive data while enabling equality and range queries to be performed directly on the data without having to decrypt it. The data remains encrypted at all stages, with decryption occurring only on the client side. This architecture supports strict access controls, in which neither MongoDB nor an organization's own database administrators (DBAs) have access to sensitive data. This design enhances security by keeping the server unaware of the data it processes, further mitigating the risk of exposure and minimizing the potential for unauthorized access.
Adding QE/CSFLE auto-encryption support for Mongoose
The primary goal of the Mongoose integration with QE and CSFLE is to provide idiomatic support for automatic encryption, simplifying the process of creating encrypted models. With native support for QE and CSFLE, Mongoose allows developers to define encryption options directly within their schemas, without the need for separate configurations. This first-class API enables developers to work within Mongoose without dropping down to the driver level, minimizing the need for significant code changes when adopting QE and CSFLE. Mongoose streamlines configuration by automatically generating the encrypted field map. This ensures that encrypted fields align perfectly with the schema and simplifies the three-step process typically associated with encryption setup, shown below. Mongoose also keeps the schema and encrypted fields in sync, reducing the risk of mismatches.
Developers can easily declare fields with the encrypt property and configure encryption settings, using all field types and encryption schemes supported by QE and CSFLE. Additionally, users can manage their own encryption keys, enhancing control over their encryption processes. This comprehensive approach empowers developers to implement robust encryption effortlessly while maintaining operational efficiency.
Pre-integration experience

import { createConnection, Schema } from 'mongoose';
import { EJSON } from 'bson';

const kmsProviders = { local: { key: Buffer.alloc(96) } };
const keyVaultNamespace = 'data.keys';
const extraOptions = {};
const encryptedDatabaseName = 'encrypted';
const uri = '<mongodb URI>';

const encryptedFieldsMap = {
  'encrypted.patent': {
    encryptedFields: EJSON.parse(
      '<EJSON string containing encrypted fields, either output from manual creation or createEncryptedCollection>',
      { relaxed: false }
    ),
  }
};

const autoEncryptionOptions = {
  keyVaultNamespace,
  kmsProviders,
  extraOptions,
  encryptedFieldsMap
};

const schema = new Schema({
  patientName: String,
  patientId: Number,
  field: String,
  patientRecord: {
    ssn: String,
    billing: String
  }
}, { collection: 'patent' });

const connection = await createConnection(uri, {
  dbName: encryptedDatabaseName,
  autoEncryption: autoEncryptionOptions,
  autoCreate: false, // If using createEncryptedCollection, this is false. If manually creating the keyIds for each field, this is true.
}).asPromise();

const PatentModel = connection.model('Patent', schema);
const result = await PatentModel.find({}).exec();
console.log(result);

This example demonstrates the manual configuration required to set up a Mongoose model for QE and CSFLE, requiring three different steps:
1. Define an encryptedFieldsMap to specify which fields to encrypt.
2. Configure autoEncryptionOptions with key management settings.
3. Create a Mongoose connection that incorporates these options.
This process can be cumbersome, as it requires explicit setup for encryption.
New experience with Mongoose 8.15.0

import mongoose, { Schema } from 'mongoose';

const schema = new Schema({
  patientName: String,
  patientId: Number,
  field: String,
  patientRecord: {
    ssn: {
      type: String,
      encrypt: { keyId: '<uuid string of key id>', queries: 'equality' }
    },
    billing: {
      type: String,
      encrypt: { keyId: '<uuid string of key id>', queries: 'equality' }
    },
  }
}, { encryptionType: 'queryableEncryption', collection: 'patent' });

const connection = mongoose.createConnection();
const PatentModel = connection.model('Patent', schema);

const keyVaultNamespace = 'data.keys';
const kmsProviders = { local: { key: Buffer.alloc(96) } };
const uri = '<mongodb URI>';
const autoEncryptionOptions = { keyVaultNamespace, kmsProviders, extraOptions: {} };

await connection.openUri(uri, { autoEncryption: autoEncryptionOptions });

const result = await PatentModel.find({}).exec();
console.log(result);

This "after experience" example showcases how the integration of QE and CSFLE into Mongoose simplifies the encryption setup process. Instead of the previous three-step approach, developers can now define encryption directly within the schema. In this implementation, fields like ssn and billing are marked with an encrypt property, allowing for straightforward configuration of encryption settings, including the keyId and query types. The connection to the database is established with a single call that includes the necessary auto-encryption options, eliminating the need for a separate encrypted fields map and complex configurations.
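For a sense of what day-to-day usage looks like once the model above is configured, here is a minimal, hypothetical sketch; it assumes the keyId placeholders have been replaced with real data encryption key UUIDs and that the encrypted collection already exists. Reads and writes on encrypted fields then look like ordinary Mongoose operations, with encryption and decryption handled automatically by the driver:

// Hypothetical usage sketch: auto-encryption is already configured on the connection above,
// so encrypted fields behave like regular Mongoose paths.
await PatentModel.create({
  patientName: 'Jane Doe',
  patientId: 12345,
  patientRecord: {
    ssn: '123-45-6789',            // written encrypted; the server never sees the plaintext
    billing: '4111-1111-1111-1111' // also an encrypted field
  }
});

// An equality query runs directly against the encrypted field; results are decrypted client-side.
const match = await PatentModel.findOne({ 'patientRecord.ssn': '123-45-6789' }).exec();
console.log(match.patientRecord.ssn); // '123-45-6789'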
This streamlined approach enables developers to work natively within Mongoose, enhancing usability and reducing setup complexity while maintaining robust encryption capabilities.
Learn more about QE/CSFLE for Mongoose
We're excited for you to build secure applications with QE/CSFLE for Mongoose. Here are some resources to get started with:
Learn how to set up and use Mongoose with MongoDB through our tutorial.
Check out our documentation to learn when to choose QE vs. CSFLE.
Read the Mongoose CSFLE documentation.
MongoDB Atlas Stream Processing Now Supports Session Windows!
We're excited to announce that MongoDB Atlas Stream Processing now supports Session Windows! This powerful feature lets you build streaming pipelines that analyze and process related events that occur together over time, grouping them into meaningful sessions based on periods of activity. For instance, you can now track all of a customer's interactions during a shopping journey and treat them as a single session that ends when the customer is inactive for a specified period of time. Whether you're analyzing user behavior, monitoring IoT device activity, or tracking system operations, Atlas Stream Processing's Session Windows make it easy to transform your continuous data streams into actionable insights and make the data available wherever you need to use it.
What are Session Windows?
Session Windows are a powerful way to analyze naturally occurring activity patterns in your data by grouping related events that happen close together in time. Think of how users interact with websites or apps: they tend to be active for a period, take a break, then return for another burst of activity. Session Windows automatically detect these patterns by identifying gaps in activity, allowing you to perform aggregations and transformations on these meaningful periods of activity. As an example, imagine you're an e-commerce company looking to better understand what your customers do during each browsing session to help improve conversions. With Atlas Stream Processing, you can build a pipeline that:
Collects all the product pages a user visits during their browsing session.
Records the name, category, and price of each item viewed, plus whether items were added to a cart.
Automatically considers a session complete after 15 minutes of user inactivity.
Sends the session data to cloud storage to improve recommendation engines.
With this pipeline, you provide your recommendation engine with ready-to-use data about your user sessions to improve your recommendations in real time. Unlike fixed time-based windows (tumbling or hopping), Session Windows adapt dynamically to each user's behavior patterns.
How does it work?
Session Windows work similarly to the hopping and tumbling windows Atlas Stream Processing already supports, but with a critical difference: while those windows open and close on fixed time intervals, Session Windows adjust dynamically based on activity patterns. To implement a Session Window, you specify three required components (a minimal sketch follows below):
partitionBy: The field or fields that group your records into separate sessions. For instance, if tracking user sessions, use unique user IDs to ensure each user's activity is processed separately.
gap: The period of inactivity that signals the end of a session. For instance, in the above example, we consider a user's session complete when they go 15 minutes without clicking a link on the website or app.
pipeline: The operations you want to perform on each session's data. This may include counting the number of pages a user visited, recording the page they spent the most time on, or noting which pages were visited multiple times.
You then add this Session Window stage to your streaming aggregation pipeline, and Atlas Stream Processing continuously processes your incoming data, groups events into sessions based on your configuration, and applies your specified transformations. The results flow to your designated output destinations in real time, ready for analysis or to trigger automated actions.
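Before the full walkthrough that follows, here is a minimal sketch of what a $sessionWindow stage built from these three components can look like. The userId field and the counting pipeline are illustrative assumptions, not part of the example below:

// Minimal sketch of a $sessionWindow stage (illustrative values).
let sessionStage = {
  $sessionWindow: {
    partitionBy: "$userId",              // one session per user
    gap: { unit: "minute", size: 15 },   // close a session after 15 minutes of inactivity
    pipeline: [
      { $group: { _id: "$userId", eventsInSession: { $sum: 1 } } } // count events in each session
    ]
  }
};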
A quick example
Let's say you want to build the pipeline we mentioned above to track user sessions, notify users if they have items in their cart but haven't checked out, and move their data downstream for analytics. You might do something like this:
1. Configure your source and sink stages
This is where you define the connections to any MongoDB or external location you intend to receive data from (source) or send data to (sink).

// Set your source to be change streams from the pageViews, cartItems, and orderedItems collections
let sourceCollections = {
  $source: {
    connectionName: "ecommerce",
    "db": "customerActivity",
    "coll": ["pageViews", "cartItems", "orderedItems"]
  }
};

// Set your destination (sink) to be the userSessions topic your recommendation engine consumes data from
let emitToRecommendationEngine = {
  $emit: {
    connectionName: "recommendationEngine",
    topic: "userSessions"
  }
};

// Create a connection to your sendCheckoutReminder Lambda function that sends a reminder to users
// to check out if they have items in their cart when the session ends
let sendReminderIfNeeded = {
  $externalFunction: {
    "connectionName": "operations",
    "as": "sendCheckoutReminder",
    "functionName": "arn:aws:lambda:us-east-1:123412341234:function:sendCheckoutReminder"
  }
};

2. Define your Session Window logic
This is where you specify how data will be transformed in your stream processing pipeline.

// Step 1. Create a stage that pulls only the fields you care about from the change logs.
// Every document will have a userId and itemId, as all collections share those fields. Fields not present will be null.
let extractRelevantFields = {
  $project: {
    userId: "$fullDocument.userId",
    itemId: "$fullDocument.itemId",
    category: "$fullDocument.category",
    cost: "$fullDocument.cost",
    viewedAt: "$fullDocument.viewedAt",
    addedToCartAt: "$fullDocument.addedToCartAt",
    purchasedAt: "$fullDocument.purchasedAt"
  }
};

// Step 2. Setting _id to $userId groups all the documents by userId. Fields not present in any records will be null.
let groupSessionData = {
  $group: {
    _id: "$userId",
    itemIds: { $addToSet: "$itemId" },
    categories: { $addToSet: "$category" },
    costs: { $addToSet: "$cost" },
    viewedAt: { $addToSet: "$viewedAt" },
    addedToCartAt: { $addToSet: "$addedToCartAt" },
    purchasedAt: { $addToSet: "$purchasedAt" }
  }
};

// Step 3. Create a session window that closes after 15 minutes of inactivity. Partitioning on userId
// means the pipeline's operations are performed on documents sharing the same userId within the window.
let createSession = {
  $sessionWindow: {
    partitionBy: "$userId",
    gap: { unit: "minute", size: 15 },
    pipeline: [ groupSessionData ]
  }
};

3. Create and start your stream processor
The last step is simple: create and start your stream processor.

// Create your pipeline array. The session data will be sent to the external function defined in
// sendReminderIfNeeded, and then it will be emitted to the recommendation engine Kafka topic.
let finalPipeline = [
  sourceCollections,
  extractRelevantFields,
  createSession,
  sendReminderIfNeeded,
  emitToRecommendationEngine
];

// Create your stream processor
sp.createStreamProcessor("userSessions", finalPipeline)

// Start your stream processor
sp.userSessions.start()

And that's it! Your stream processor now runs continuously in the background with no additional management required.
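Once it's running, you can also check on the processor from the same shell session. As a rough sketch (assuming the userSessions name used above), the Atlas Stream Processing shell helpers let you list processors, inspect statistics, sample output, and stop the processor when needed:

// List the stream processors defined on this stream processing instance
sp.listStreamProcessors()

// View runtime statistics for the processor, such as its state and message counts
sp.userSessions.stats()

// Sample documents flowing out of the processor to spot-check its output
sp.userSessions.sample()

// Stop the processor if you need to pause or modify it
sp.userSessions.stop()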
As users navigate your e-commerce website, add items to their carts, and make purchases, Atlas Stream Processing automatically:
Tracks each user's activity in real time.
Groups events into meaningful sessions based on natural usage patterns.
Closes sessions after your specified period of inactivity (15 minutes).
Triggers reminders for users with abandoned carts.
Delivers comprehensive session data to your analytics systems.
All of this happens automatically at scale, without requiring ongoing maintenance or manual intervention. Session Windows provide powerful, activity-based data processing that adapts to users' behavioral patterns rather than forcing their actions into arbitrary time buckets. Ready to get started? Log in or sign up for Atlas today to create stream processors. You can learn more about Session Windows or get started using our tutorial.
New Data Management Experience in the Atlas UI
For the modern developer, each day is a balancing act. Even a small workflow hiccup can throw off momentum, making seamless data management not just a convenience but a necessity for staying productive. At MongoDB, our mission is to empower developers to innovate without friction, providing the tools they need right when they need them. That's why we've enhanced Data Explorer, a data interaction tool in the MongoDB Atlas UI that helps developers stay in the zone, innovate faster, and further streamline their workflows.
Data Explorer: Improved data exploration and management in the MongoDB Atlas UI
MongoDB provides a powerful graphical user interface (GUI) called MongoDB Compass, trusted by over a million users a month throughout the software development lifecycle. They rely on Compass to build queries and aggregations during development, to refine their schemas during design, to manage data for local testing environments during testing, and to discover patterns and abnormalities in data to inform maintenance and optimization. For users who aren't comfortable with shell syntax or who prefer working with a GUI, Compass makes it easy to visually interact with data stored in MongoDB. However, many developers prefer to work in the Atlas UI, so we're bringing the Compass experience to them. The new Data Explorer experience brings the familiarity and power of MongoDB Compass to the MongoDB Atlas UI, eliminating the need for developers to toggle between desktop and web interfaces to explore and interact with data. Our goal is to provide seamless data exploration that meets developers where they are in their workflows and caters to all experience levels with MongoDB and Atlas. This new Data Explorer enables developers to view and understand their data, as well as test and optimize queries, directly within the browser, streamlining application development and enriching data management processes. It's intuitive and super easy to find, too.
Navigating Data Explorer in the MongoDB Atlas UI
The existing Data Explorer experience sits within the 'Collections' tab of the Atlas UI. For easier accessibility, the updated interface will have its own tab called 'Data Explorer,' located under the "Data" navigational header in Atlas' revamped side navigation. Upon opening the "Data Explorer" tab, users are met with the same interface as MongoDB Compass. This brings the intuitive layout and powerful capabilities of Compass into the web UI, providing a guided experience that enhances data exploration and optimization tasks while creating a familiar environment for developers who already know and love Compass. To get started, users can create a new cluster or connect to an existing one by clicking the "Connect" box next to their chosen cluster.
Figure 1. Getting started with Data Explorer
With the updated interface, developers can effortlessly interact with data across all Atlas clusters in their projects within a single view, instead of only being able to interact with one cluster at a time. This consolidated view allows developers to focus their tasks directly in the browser, encouraging a streamlined workflow and higher productivity during development.
Take advantage of a richer feature set with Data Explorer
With the updated Data Explorer experience, you can now leverage the following features:
Query with natural language: Create both queries and aggregations using natural language to accelerate your productivity.
The intelligent query bar in Data Explorer allows you to ask plain-text questions about your data and teaches you the proper syntax for complex queries and aggregations, creating an initial query or aggregation pipeline that you can modify to fit your requirements.
Figure 2. Using the natural language query bar
Use advanced document viewing capabilities: Access data across all clusters in your Atlas project in the same browser window. View more documents per page and expand all nested fields across many documents to maximize the amount of data you're able to view at once. Choose between the list, table, or JSON views to mirror how you work best.
Figure 3. Viewing documents through the advanced document viewing capabilities
Understand query performance: Visualize output from the Explain command for your queries and aggregations, gaining deeper insights into performance. Use performance insights to optimize your schema design and improve application performance.
Figure 4. Visualizing outputs through the Explain Plan command
Perform bulk operations: Easily run bulk updates and deletes to migrate or clean your data. Preview how updates will impact documents to ensure accuracy before execution, and get an accurate picture of how many documents will be affected by the bulk operation.
Figure 5. Running bulk updates and deletes
Analyze your schemas and define schema validation rules: Utilize built-in schema analysis tools to understand the current shape of your data. The new Schema tab simplifies identifying anomalies and optimizing your data model. Leverage the new Validation tab to ensure data integrity by generating and enforcing JSON Schema validation rules.
Figure 6. Analyzing schema and schema validation rules
As the GIFs above show, the updated Data Explorer in MongoDB Atlas brings powerful and intuitive data exploration tools directly into your browser, streamlining workflows and boosting productivity. With these enhancements, developers can focus on what they do best, building innovative applications, while we handle the complexity of data management. We're excited for you to start working with Data Explorer in the Atlas UI. Here's how to get started:
Turn on the new experience in Atlas Project Settings or from the previous Data Explorer interface. Try it out now.
Check out our documentation to read more about new features available in Data Explorer.
Hear more about the changes in this short video.
Strengthening Security: Bug Bounty and GitHub Secret Scanning
Today, MongoDB is announcing two important updates that further strengthen its security posture:
The free tier of MongoDB Atlas is now included in the company's public bug bounty program.
MongoDB has joined the GitHub secret scanning program.
These updates empower MongoDB to identify and remediate security risks earlier in the development lifecycle. MongoDB has long been committed to proactively tackling security challenges, so the decision to open MongoDB Atlas to responsible testing by the security researcher community was an easy one. Its collaboration with GitHub further strengthens this approach by enabling the detection and validation of exposed MongoDB-specific credentials. Together, these efforts help protect customer data and support secure application development at scale.
Expanding MongoDB's bug bounty program to include MongoDB Atlas
The free tier of MongoDB Atlas is now a part of the company's public bug bounty program. This fully managed, multi-cloud database powers mission-critical workloads for thousands of customers, ranging from large enterprises to small startups and individual developers. MongoDB's bug bounty program has already paid out over $140,000 in bounties to security researchers and has resolved over 130 bug reports. Integrating Atlas into the bug bounty program is the next step in hardening the database's security posture, enabling earlier discovery and remediation of potential risks. The cyberthreat landscape is evolving faster than ever. Where organizations once faced a narrower set of risks, today's threats are more diverse and sophisticated. These include emerging risks like generative AI misuse and supply chain compromises, alongside persistent threats such as phishing, software vulnerabilities, and insider attacks. One proven way to stay ahead of these threats is by working with the security research community through bug bounty programs. Researchers can help identify and report vulnerabilities early, enabling organizations to fix issues before attackers exploit them. Security researchers are expanding their expertise to address new attack vectors, according to HackerOne. In fact, 56% now specialize in API vulnerabilities and 10% focus on AI and large language models. 1 With MongoDB Atlas now included in the company's bug bounty program, customers can expect:
Continuous, real-world testing by a diverse security research community.
Systems designed for faster detection of vulnerabilities than traditional penetration testing.
Stronger confidence in MongoDB's ability to safeguard sensitive data.
By bringing MongoDB Atlas into its bug bounty program, MongoDB is doubling down on transparency, collaboration, and proactive defense. This is a critical step in reinforcing customer trust and ensuring MongoDB Atlas remains secure as threats evolve.
Partnering with GitHub to detect credential leaks faster
Building on its commitment to proactive threat detection, MongoDB has also joined GitHub's secret scanning partner program to better protect customers from credential exposure. This program enables service providers like MongoDB to include their custom secret token formats in GitHub's secret scanning functionality. This capability actively scans repositories to detect accidental commits of secrets such as API keys, credentials, and other sensitive data. Through this partnership, when GitHub detects a match of MongoDB Atlas–specific secrets, it will notify MongoDB. Then MongoDB can securely determine if the credential is active.
As a result, MongoDB can rapidly identify potential security risks and notify customers. Stolen credentials remain one of the most common and damaging threats in cybersecurity; they have been involved in 31% of data breaches in the past decade, according to a Verizon report. Credential stuffing, where bad actors use stolen credentials to access unrelated services, is the most common attack type for web applications. 2 These breaches are particularly harmful, taking an average of 292 days to detect and contain. 3 By participating in GitHub's secret scanning program, MongoDB helps ensure that MongoDB Atlas customers benefit from:
Faster detection and remediation of exposed credentials.
Reduced risk of unauthorized access or data leaks.
More secure, developer-friendly workflows by default.
Staying ahead of evolving security threats
MongoDB is continuously evolving to help developers and enterprises stay ahead of security risks. By expanding its public bug bounty program to include MongoDB Atlas and by partnering with GitHub to detect exposed credentials in real time, MongoDB is deepening its investment in proactive, community-driven security. These updates reflect a broader commitment to helping developers and organizations build secure applications, detect risks early, and respond quickly to new and emerging threats. Learn more about these programs:
MongoDB's bug bounty program on HackerOne
GitHub's secret scanning partner program
1 Hacker-Powered Security Report, 8th Edition, HackerOne
2 Verizon Data Breach Investigations Report, 2024
3 IBM Cost of a Data Breach Report, 2024