doc: DOCSP-54251 -- Document how to move from or to Service Accounts authentication #3753
+52
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
APIx bot: a message has been sent to Docs Slack channel |
marcosuma
reviewed
Oct 7, 2025
|
|
||
| The JWT token is only valid during its set duration time. See [Generate Service Account Token](https://www.mongodb.com/docs/atlas/api/service-accounts/generate-oauth2-token/#std-label-generate-oauth2-token-atlas) for more details on creating an SA token. | ||
|
|
||
| **IMPORTANT:** Currently, the MongoDB Terraform provider does not support additional Token OAuth features. |
There was a problem hiding this comment.
Q: what do we mean with this?
|
|
||
| **IMPORTANT:** Currently, the MongoDB Terraform provider does not support additional Token OAuth features. | ||
|
|
||
| **NOTE:** You can not use ``mongodbatlas_event_trigger`` with Service Accounts as the authentication method. |
There was a problem hiding this comment.
Should we add a why? @lantoli
| } | ||
| ``` | ||
|
|
||
| 2. Provide a valid JSON Web Token (JWT): |
There was a problem hiding this comment.
I am not 100% clear on this. When I read it seems like we're saying
Step 1. Use client_id and client_secret
Step 2. Add the access_token attribute
which should not be the case. Instead it's "you either use client_id+client_secret or access_token"
Comment on lines
+7
to
+8
| This guide helps you migrate from Programmatic Access Key (PAK) authentication to Service | ||
| Accounts (SA) authentication and viceversa without impacting your deployment. |
There was a problem hiding this comment.
Isn't this guide just to demonstrate how to migrate from PAK to SA? Should we recommend/suggest migrating from SA to PAK? Also vice versa is a latin phrase that doesn't translate well.
Suggested change
| This guide helps you migrate from Programmatic Access Key (PAK) authentication to Service | |
| Accounts (SA) authentication and viceversa without impacting your deployment. | |
| This guide helps to you migrate from Programmatic Access Key (PAK) authentication to Service | |
| Accounts (SA) authentication without impacting your deployment. |
Comment on lines
+17
to
+32
| The following example declares PAK authentication: | ||
|
|
||
| ```terraform | ||
| provider "mongodbatlas" { | ||
| public_key = var.mongodbatlas_public_key | ||
| private_key = var.mongodbatlas_private_key | ||
| ``` | ||
|
|
||
| To change to SA, declare the variables as in the following example: | ||
|
|
||
| ```terraform | ||
| provider "mongodbatlas" { | ||
| client_id = var.mongodbatlas_client_id | ||
| client_secret = var.mongodbatlas_client_secret | ||
| } | ||
| ``` |
There was a problem hiding this comment.
To improve clarity, suggest:
Suggested change
| The following example declares PAK authentication: | |
| ```terraform | |
| provider "mongodbatlas" { | |
| public_key = var.mongodbatlas_public_key | |
| private_key = var.mongodbatlas_private_key | |
| ``` | |
| To change to SA, declare the variables as in the following example: | |
| ```terraform | |
| provider "mongodbatlas" { | |
| client_id = var.mongodbatlas_client_id | |
| client_secret = var.mongodbatlas_client_secret | |
| } | |
| ``` | |
| For example, consider the following sample PAK authentication variables: | |
| ```terraform | |
| provider "mongodbatlas" { | |
| public_key = var.mongodbatlas_public_key | |
| private_key = var.mongodbatlas_private_key | |
| ``` | |
| To change to SA, modify the variables to use your SA client_id and client_secret: | |
| ```terraform | |
| provider "mongodbatlas" { | |
| client_id = var.mongodbatlas_client_id | |
| client_secret = var.mongodbatlas_client_secret | |
| } | |
| ``` |
|
|
||
| **IMPORTANT:** Currently, the MongoDB Terraform provider does not support additional Token OAuth features. | ||
|
|
||
| **NOTE:** You can not use ``mongodbatlas_event_trigger`` with Service Accounts as the authentication method. |
There was a problem hiding this comment.
Suggested change
| **NOTE:** You can not use ``mongodbatlas_event_trigger`` with Service Accounts as the authentication method. | |
| **NOTE:** You can't use ``mongodbatlas_event_trigger`` with Service Accounts as the authentication method. |
|
|
||
| **Note:** For more information on SA, see [Service Accounts Overview](https://www.mongodb.com/docs/atlas/api/service-accounts-overview/) | ||
| in the MongoDB documentation. | ||
|
|
There was a problem hiding this comment.
Do we need a Prerequisites or Before You Begin section?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
DOCSP-54251
Creates a guide to move to Service Accounts auth.
Link to any related issue(s):
Type of change:
Required Checklist:
Further comments