Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

Charmed MongoDB Tutorials > Deploy a sharded cluster > 7. Enable security

Enable security in your MongoDB deployment

Transport Layer Security (TLS) is a protocol used to encrypt data exchanged between two applications. Essentially, it secures data transmitted over a network.

Typically, enabling TLS internally within a highly available database or between a highly available database and client/server applications, requires domain-specific knowledge and a high level of expertise. This has all been encoded into Charmed MongoDB. This means (re-)configuring TLS on Charmed MongoDB is readily available and requires minimal effort on your end.

TLS is enabled by relating Charmed MongoDB to the Self Signed Certificates Charm. This charm centralises TLS certificate management consistently and handles operations like providing, requesting, and renewing TLS certificates.

In this part of the tutorial, you will learn how to enable security in your MongoDB deployment using TLS encryption.

Disclaimer: In this tutorial, we use self-signed certificates provided by the self-signed-certificates-operator.

This is not recommended for a production environment.

For production environments, check the collection of Charmhub operators that implement the tls-certificate interface, and choose the most suitable for your use-case.


To enable encryption via TLS in a sharded cluster, we will first set up the self-signed-certificates certificate provider.

Deploy the self-signed-certificates charm as follows:

juju deploy self-signed-certificates --config ca-common-name="Tutorial CA"

Wait until the self-signed-certificates app is active with juju status --watch 1s.

Then, integrate the certificates provider with all cluster components:

juju integrate config-server self-signed-certificates
juju integrate shard0 self-signed-certificates
juju integrate shard1 self-signed-certificates

Your replica set now has encryption enabled via TLS.

Next step: 8. Clean up the environment

Last updated 7 months ago. Help improve this document in the forum.