Docs Menu

Docs HomeMongoDB Compass

Hide Credentials in Your Connection String

On this page

  • About This Task
  • Procedure
  • Command Line Example
  • Configuration File Example
  • Learn More

When you paste a connection string into the MongoDB Compass connection form, Compass shows credentials in plaintext by default. To hide credentials in the connection string, use the protectConnectionStrings option.

When protectConnectionStrings is enabled, users cannot perform the following actions:

  • Edit the connection string in the Compass connection form.

  • Copy the connection string in the Compass interface.

  • See the credentials when exporting a query.

To hide your your connection string credentials, enable the protectConnectionStrings option.

You can set the protectConnectionStrings option in either:

The following command starts Compass from the command line and sets the --protectConnectionStrings option:

<path-to-Compass-executable> --protectConnectionStrings


The name and filepath of the Compass executable depend on your operating system.

You can specify the Compass configuration file in either EJSON or YAML format. The following configurations set the protectConnectionStrings option to true:

{ "protectConnectionStrings": true }
protectConnectionStrings: true

To learn more about the MongoDB Compass configuration file, see Compass Configuration File.

←  Compass Configuration File SettingsBlock Outgoing Network Connections →
Share Feedback
© 2023 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2023 MongoDB, Inc.