|
The sslPEMKeyPassword is available in plain text in several places. For example in the output of the db.runCommand(
{"getCmdLineOpts" : 1}
) you can see that the password is printed twice:
{
|
"argv": [
|
"/home/adam/git/mongo/mongod",
|
"--port",
|
"27019",
|
"--dbpath",
|
"/data/db/replset/rs_2",
|
"--replSet",
|
"ssltest/vs-asylum:27017,vs-asylum:27018",
|
"--rest",
|
"--sslOnNormalPorts",
|
"--sslPEMKeyFile",
|
"/home/adam/test.pem",
|
"--sslPEMKeyPassword",
|
"mongo",
|
"--oplogSize",
|
"100"
|
],
|
"ok": 1,
|
"parsed": {
|
"dbpath": "/data/db/replset/rs_2",
|
"oplogSize": 100,
|
"port": 27019,
|
"replSet": "ssltest/vs-asylum:27017,vs-asylum:27018",
|
"rest": true,
|
"sslOnNormalPorts": true,
|
"sslPEMKeyFile": "/home/adam/test.pem",
|
"sslPEMKeyPassword": "mongo"
|
}
|
}
|
|