Coinbase Secures Access to Its MongoDB Fleet

Their Challenge

Traditional passwords and long-lived certificates created vulnerabilities as Coinbase scaled, leaving credentials exposed and exploitable.

Our Solution

Coinbase built a system that generates ephemeral certificates on demand, eliminating stored credentials and enhancing its security posture.

Outcome

Coinbase now issues over 200,000 certificates daily with sub-50 millisecond latency.

Industry

Financial Services

Product

MongoDB Atlas

Use Case

Modernization

THEIR CHALLENGE

Securing access to mission-critical data at scale

Every day, millions of people trust Coinbase to safeguard their cryptocurrency investments. The cryptocurrency exchange facilitates billions of dollars in digital asset transactions, storing vast amounts of mission-critical financial data and personally identifiable information in MongoDB Atlas databases.

Coinbase benefits from the rigorous security, resilience, and performance that MongoDB Atlas delivers. The built-in security controls and customizable guardrails of MongoDB Atlas reduce risk, ensure compliance, and protect data from day one, freeing security teams to focus on strategic initiatives while enabling rapid, secure delivery. Security is embedded into every stage of the MongoDB development lifecycle, from design to deployment, and is continually strengthened through ongoing investment and innovation. This depth of security enables organizations like Coinbase to protect sensitive data, meet stringent compliance requirements, and scale with confidence as threats evolve.

As Coinbase grew from a fast-moving startup to a major financial services platform, its security team identified a growing vulnerability in how systems and users accessed the MongoDB Atlas databases that powered some of its critical applications. Traditional authentication methods weren’t designed for the scale, complexity, and security threats that Coinbase faced.

“A password is just something that’s uniquely known to someone and that they can use to prove their identity,” said Ishan Mundra, Software Engineer at Coinbase. “But the issue is that passwords have to be stored somewhere, and if they get leaked, then other people can discover those passwords.”

Certificate-based authentication wasn’t immune either—long-lived certificates that persisted for months or years created their own security gaps. For example, employees left organizations, but their access credentials remained active, creating ghost accounts. Because these credentials were stored in secret managers or configuration files, they had the potential to become attractive targets for attackers.

These industry-wide vulnerabilities demanded a better solution. Coinbase’s Public Key Infrastructure (PKI) team set out to reimagine authentication while maintaining the subsecond latency the platform demanded.

How Coinbase Secures MongoDB Atlas at Scale

OUR SOLUTION

Using ephemeral certificates to remove persistent credentials for Coinbase

Coinbase’s solution was to replace long-lived credentials with ephemeral certificates: temporary digital identities that exist only for the duration they’re needed, then disappear. Think of it like a hotel key card. Instead of giving guests a permanent key that works indefinitely, hotels issue cards that only function during a guest’s stay. Coinbase applied this same principle to database authentication, but at a far more sophisticated level—and at massive scale.

The team built an internal PKI system that generates certificates on demand. When any approved service or Coinbase employee needs to access MongoDB Atlas, the system dynamically generates unique credentials in real time.

Ephemeral certificates prove identity without the vulnerabilities of traditional passwords. These credentials expire rapidly, sometimes in as little as five minutes. Once a service restarts or a session ends, the certificate dies and cannot be reused.
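The expiry behaviour described above can be reproduced with Go's standard library. This is an added example, not Coinbase's or MongoDB's code: the in-memory CA, the Ed25519 keys, the names `example-ca` and `svc-example`, and the 30-second clock-skew allowance are all assumptions made for the illustration; only the five-minute lifetime comes from the text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl over a fresh key pair held only in memory; a nil parent self-signs (demo CA).
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate and clientTemplate are constructed for this example; the client certificate expires after ttl.
func caTemplate(now time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour)}
}
func clientTemplate(cn string, serial int64, now time.Time, ttl time.Duration) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: now.Add(-30 * time.Second),
		NotAfter: now.Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
}

// acceptedAt reports whether a verifier that trusts only ca accepts cert for client auth at time t.
func acceptedAt(ca, cert *x509.Certificate, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
func main() {
	now := time.Now()
	ca, caKey, _ := issue(caTemplate(now), nil, nil)
	cert, _, _ := issue(clientTemplate("svc-example", 2, now, 5*time.Minute), ca, caKey)
	fmt.Println(acceptedAt(ca, cert, now.Add(time.Minute)), acceptedAt(ca, cert, now.Add(6*time.Minute))) // true false
}
```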

“Instead of someone using a traditional username and password to connect to MongoDB, they’ll request a certificate from our team. Then, they’ll get the credentials that they need.”
Ishan Mundra
Software Engineer, Coinbase

OUTCOME

Achieving security at scale without compromise

Coinbase has migrated approximately 50% of its traditional authentication system to this certificate-based framework, progressively securing connections to its MongoDB Atlas databases. But the system is already proving itself at a massive scale. Currently, Coinbase issues approximately 200,000 certificates daily—more than 80 million per year—while maintaining sub-50 millisecond latency.

The architecture has enhanced Coinbase’s security posture. Ghost accounts, once an inevitable byproduct of employee turnover, no longer exist. Stolen credentials become worthless within minutes rather than remaining exploitable indefinitely. Because credentials are generated dynamically rather than stored, there’s nothing for attackers to discover in configuration files or secrets managers.

“There’s never going to be a case anymore where you created a username and password for one user and they leave the company, and then these credentials are still around with these ghost accounts. From a security perspective, this is a major benefit.”
Kenneth Yang
Staff Software Engineer, Coinbase

As Coinbase continues to refine its security infrastructure, the team is exploring additional MongoDB capabilities that align with its zero-trust philosophy. Queryable Encryption, which allows encrypted data to be searched and indexed without decryption, represents the next step in protecting sensitive information.


“Being able to encrypt and decrypt client-side with Queryable Encryption is very interesting, but this capability has been very difficult to implement traditionally,” said Kenneth Yang, Staff Software Engineer at Coinbase. “The fact that MongoDB has solved this problem is something very much worth exploring.”
