- Security >
- Security Tutorials >
- Access Control Tutorials >
- Generate a Key File
Generate a Key File¶
Overview¶
This section describes how to generate a key file to store
authentication information. After generating a key file, specify the key
file using the keyFile
option when starting a
mongod
or mongos
instance.
A key’s length must be between 6 and 1024 characters and may only contain characters in the base64 set. The key file must not have group or world permissions on UNIX systems. Key file permissions are not checked on Windows systems.
MongoDB strips whitespace characters (e.g. x0d
,
x09
, and x20
) for cross-platform convenience. As a result,
the following operations produce identical keys:
Procedure¶
Create a key file.¶
Create the key file your deployment will use to authenticate servers to each other.
To generate pseudo-random data to use for a
keyfile
, issue the following openssl
command:
You may generate a key file using any method you choose. Always
ensure that the password stored in the key file is both long and
contains a high amount of entropy. Using openssl
in this manner
helps generate such a key.