Terraform and Vault are coming to MongoDB Atlas

Melissa Plunkett


Adding to all of the great stuff we covered at MongoDB World last month, we also had announcements about new ways for users to work with MongoDB Atlas and HashiCorp's Terraform and Vault.

TLDR: We are developing a Terraform Provider for MongoDB Atlas to make infrastructure deployment simpler and a Vault Secrets Engine for MongoDB Atlas to enhance and integrate credential and key management.

Terraform and MongoDB Atlas

As development teams strive towards continuous delivery, being able to include infrastructure deployment in code has increasingly become a must-have. Infrastructure-as-code deployment technology is a fast-moving field, but Terraform has stood out with the community as a popular and effective tool for infrastructure. It supports most of the major cloud providers and services via a plugin-based architecture. These plugins are called Providers.

MongoDB is creating a Terraform Provider for MongoDB Atlas with a roadmap that includes full Atlas support for DB Users, Projects, IP Whitelisting, Clusters, Cloud Provider Snapshots, Network Peering and Encryption at Rest. The provider will allow you to easily add MongoDB Atlas to your existing Terraform configurations.

Vault and MongoDB Atlas

The management of keys and secrets involved in operating infrastructure and applications is also a pain point for many, especially as more orgs move to cloud-first. HashiCorp's Vault is a cloud-ready solution to that problem, and Vault already has a database Secrets Engine which offers MongoDB server compatibility. It does not, though, work with MongoDB Atlas. This is why we are developing a Vault Secrets Engine for MongoDB Atlas.

The Vault Secrets Engine for MongoDB Atlas will allow you to control the lifecycle (lease, renew, revoke) of your MongoDB database users and programmatic API keys in MongoDB Atlas. This gives you the ability to easily control the dynamic creation and destruction of your most valuable Atlas secrets while following industry security best practices. Like the Terraform Provider, it is another step toward a truly automated continuous delivery cycle.

Delivering Terraform and Vault Support

Development of the Provider and Secrets Engine by DigitalOnUs for MongoDB is already well underway and we can see the finish line. In fact, we recently made both GitHub repos open so you can follow our progress: Terraform Provider and Vault Secrets Engine. As required of all Providers and Engines, both code repositories are licensed under the MPL 2.0 open source license. These repos have also been provided to HashiCorp, along with the resources they need, to be tested and approved so they can both be added as official plugins. That will make installation of both a breeze and allow them to be listed with their documentation on the appropriate HashiCorp web location.

If you’d like to be kept up to date on the progress from here, please complete this short survey to be added to our notification list and we’ll keep you in the loop.