MongoDB – How to Secure Passwords in Cron Scripts

Tags: cron, mongodb, scripting, security

We would like to do nightly purging of old data out of our mongo cluster. Our first thought is to write a shell script which connects to one of the mongos and issues a remove instruction.

evalString='db.fs.files.remove({uploadDate: {$lte : ISODate("2017-01-01")}})'

mongo localhost:1234/databaseName -u USER -p PWD --eval "$evalString"

This works fine, but of course I don't like to have a plaintext PWD in scripts. At a minimum I could chmod 500 on it, but it still feels sub-optimal to have a plain text pwd in the script.

What are the best alternatives?

I'm running Mongo 3.4.4 on RHEL 7.3. It's the non-Enterprise version of Mongo, so no LDAP/Kerberos. We are not using x509 security either, and I'm looking for alternatives that don't involve upgrading to Enterprise or going down the x509 route, although I'd be fine with hearing why doing those things really is the right thing to do, and also what gaps are left open without doing those things.

Best Answer

First: it's better to use --eval='command' and not echo a string to mongo. As for the password, you could use -p $(cat /etc/secret/password), with the file's chmod set to something like 0400.
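
The approach from the answer as a cron wrapper that also checks the secret file's owner and mode before using it. This is an added example, not code from the question or the answer; the function names, the `--run` switch and the cron path are assumptions, and the user, URI and secret path are the placeholders used above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. USER, the URI and the secret path
# are the placeholders used in the question and answer.
SECRET_FILE="${SECRET_FILE:-/etc/secret/password}"
MONGO_URI="${MONGO_URI:-localhost:1234/databaseName}"
MONGO_USER="${MONGO_USER:-USER}"

# True only for a regular file (no symlink) owned by the calling user with
# no group/other permission bits, i.e. mode 0400 or 0600.
secret_file_is_safe() {
    local f="$1" mode owner
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1     # GNU stat, as on RHEL
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in 400|600) return 0 ;; *) return 1 ;; esac
}

# Print the first line of the secret file, refusing files that fail the check.
read_secret() {
    local f="$1" pw=""
    if ! secret_file_is_safe "$f"; then
        echo "refusing $f: must be a 0400/0600 file owned by uid $(id -u)" >&2
        return 1
    fi
    IFS= read -r pw < "$f" || [ -n "$pw" ] || return 1
    printf '%s' "$pw"
}

# Build the remove() call; the cutoff must look like YYYY-MM-DD so nothing
# else can be spliced into the JavaScript.
build_purge_js() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "bad cutoff date: $1" >&2; return 1 ;;
    esac
    printf 'db.fs.files.remove({uploadDate: {$lte: ISODate("%s")}})' "$1"
}

purge_old_files() {
    local js pw
    js=$(build_purge_js "$1") || return 1
    pw=$(read_secret "$SECRET_FILE") || return 1
    # The password stays out of this script but is still a mongo argument.
    mongo "$MONGO_URI" -u "$MONGO_USER" -p "$pw" --eval "$js"
}

# Cron entry (assumed): 0 2 * * * /usr/local/bin/purge.sh --run 2017-01-01
if [ "${1:-}" = "--run" ]; then purge_old_files "${2:-}"; fi
```

The wrapper exits non-zero without contacting MongoDB when the secret file is group- or world-accessible, is a symlink, or belongs to another user, so a permissions regression shows up as a failed cron job.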