- API >
- Public API Tutorials >
- Rotate Automation Password with the API
Rotate Automation Password with the API¶
You can programmatically rotate the automation user’s password by updating a project’s automation configuration.
This page describes the following process to rotate the automation user’s password using the Cloud Manager API:
- Set auth.newAutoPwd and leave auth.autoPwd with its current password.
- Wait for the goal state.
- auth.newAutoPwd copies over the auth.autoPwd password automatically.
Note
You can set this option only when you include SCRAM-SHA-1 or SCRAM-SHA-256 as one of the authentication mechanisms for the Automation in auth.autoAuthMechanisms.
Prerequisites¶
- You must have access to the API. To learn more, see Configure API Access.
- Your API key must have the
Project Automation Admin
orProject Owner
role. - Authentication must be enabled.
Variables for Automation Config API Resources¶
The API resources use one or more of these variables. Replace these variables with your desired values before calling these API resources.
Name | Type | Description |
---|---|---|
PUBLIC-KEY |
string | Your public API Key for your API credentials. |
PRIVATE-KEY |
string | Your private API Key for your API credentials. |
cloud.mongodb.com |
string | URL of your Cloud Manager instance. |
GROUP-ID |
string | Unique identifier of your project from your Project Settings. |
CLUSTER-ID |
string | Unique identifier of your cluster. |
Procedure¶
Retrieve and validate the automation configuration from Cloud Manager.¶
Use the automationConfig resource to retrieve the configuration. Issue the following command, replacing the placeholders with the Variables for Automation Config API Resources.
Validate the downloaded Automation Configuration file.
Compare the
version
field of thecurrentAutomationConfig.json
with that of the Automation Configuration backup file,mms-cluster-config-backup.json
. Theversion
value is the last element in both JSON documents. You can find this file on any host running the MongoDB Agent at:- Linux and macOS:
/var/lib/mongodb-mms-automation/mms-cluster-config-backup.json
- Windows:
%SystemDrive%\MMSAutomation\versions\mms-cluster-config-backup.json
If the
version
values match, you are working with the current version of the Automation Configuration file.- Linux and macOS:
Create a new automation configuration file from the current one.¶
Replace the variables in the following command and run it:
Name | Description |
---|---|
<NEW_OPS_MANAGER_AUTOMATION_PASSWORD> |
Specify the new Automation password. |
<CURRENT_AUTOMATION_CONFIGURATION_VERSION> |
Specify the current Automation version. Note To check your current Automation version, Get the Automation Configuration. |
<NEW_AUTOMATION_CONFIGURATION_VERSION> |
Specify the current Automation version incremented by 1. For
example, if you have a current Automation version of 4 ,
the new Automation version should be 5 . |
Send the updated automation configuration.¶
Use the automationConfig resource to send the updated automation configuration.
Issue the following command, pointing to the
modifiedAutomationConfig.json
file created in the previous step,
which contains the updated configuration document. Replace the
placeholders with the Variables for Automation Config API Resources.
Upon successful update of the configuration, the API returns the HTTP
200 OK
status code to indicate the request has succeeded.
Confirm successful update of the automation configuration.¶
Retrieve the automation configuration from Cloud Manager and confirm it contains the changes. To retrieve the configuration, issue the following command, replacing the placeholders with the Variables for Automation Config API Resources.
Note
The Automation version automatically increments two times. For example, if you pushed the new Automation version as 5, the new Automation version after all changes is 7. The Automation updates the Automation user password on all managed MongoDB Server deployments.
Check the deployment status to ensure goal state is reached.¶
Use the automationStatus resource to retrieve the deployment status. Issue the following command, replacing the placeholders with the Variables for Automation Config API Resources.
Confirm that the values of all the lastGoalVersionAchieved
fields
in the processes
array match the goalVersion
field. To learn
about deployment status, see Get Automation Status of Latest Plan.