You were redirected from a different version of the documentation. Click here to go back.
This version of the manual is no longer supported. It will be removed on 31 July 2021.
  • Agents >
  • MongoDB Agent >
  • Configure MongoDB Agent for Externally Sourced Configuration File Values

Configure MongoDB Agent for Externally Sourced Configuration File Values

New in version 4.2.

MongoDB supports using expansion directives in configuration files to load externally sourced values. If you have advanced auditing or compliance needs, you can:

  • Store the MongoDB process configuration (mongod or mongos) in memory so that passwords are not stored on disk, and
  • Read MongoDB Agent configurationpasswords from a shell command rather than directly from the MongoDB Agent configuration file.

Store MongoDB Process Configuration Files in Memory

MongoDB configuration files may contain credentials such as:

By default, the MongoDB Agent writes MongoDB process configuration files to disk. However, you can store the configuration files in memory by setting enableLocalConfigurationServer to true in your MongoDB Agent configuration file. Changing this setting results in the following actions:

  • The MongoDB Agent caches your MongoDB process configuration in memory.
  • The MongoDB configuration file on disk contains only a directive that points to the full configuration file.

When the MongoDB Agent uses an in-memory MongoDB configuration, the MongoDB process requests the full configuration file from its local MongoDB Agent. The Agent requests the configuration file using the URL in the __rest expansion directive.


If you use Ops Manager version 4.2 or versions 4.4.0 - 4.4.6, you may encounter errors when setting enableLocalConfigurationServer to true. To avoid this, see Store Configuration Files in Memory for Existing Clusters.


Impacts Availability of MongoDB Deployments

When this feature is enabled, the MongoDB Agent doesn’t store the MongoDB process configuration on disk. If the Ops Manager app server is unavailable and the MongoDB Agent attempts to restart, then the MongoDB Agent stops running because it doesn’t have the necessary configuration information. If a MongoDB process crashes while the MongoDB Agent isn’t running, then the MongoDB Agent can’t restart the process.

Limits Importing Existing MongoDB Deployments

You cannot import MongoDB processes that have configuration files with credentials stored in memory. When the configuration is stored in memory, MongoDB redacts any credentials after use. Therefore, MongoDB can’t retrieve the credentials necessary to import the process.

Remove Passwords from the MongoDB Agent Configuration File

You can specify that the MongoDB Agents’ passwords are called from a shell command rather than read directly from the MongoDB Agent configuration file. To use this feature, add the following settings to the MongoDB Agent’s configuration file: