This version of the documentation is archived and no longer supported.

Enable Authentication in a Sharded Cluster

On this page

New in version 2.0: Support for authentication with sharded clusters.

To control access to a sharded cluster, create key files and then set the keyFile option on all components of the sharded cluster, including all mongos instances, all config server mongod instances, and all shard mongod instances. The content of the key file is arbitrary but must be the same on all cluster members.


For an overview of authentication, see Access Control. For an overview of security, see Security.


To enable authentication, do the following:

  1. Generate a key file to store authentication information, as described in the Generate a Key File section.

  2. On each component in the sharded cluster, enable authentication by doing one of the following:

    • In the configuration file, set the keyFile option to the key file’s path and then start the component, as in the following example:

      keyFile = /srv/mongodb/keyfile
    • When starting the component, set --keyFile option, which is an option for both mongos instances and mongod instances. Set the --keyFile to the key file’s path.


    The keyFile setting implies auth, which means in most cases you do not need to set auth explicitly.

  3. Add the first administrative user and then add subsequent users. See Create a User Administrator.