If I run db.auth("myusername", "mypassword") in an instance of mongosh, and then I open .mongodb/mongosh/mongosh_repl_history from my home directory in my editor, I see the password has clearly been saved to this file in cleartext. How do I prevent this from occurring?
I'm using MongoDB Community Edition 7.0 on MacOS Sonoma 14.3.1
Have a look at Configure mongosh parameter
redactHistoryHowever, the default is
remove, thus by default it should not store the credentials as clear text by default.If this would be the case, then I strongly suggest to create an urgent ticket at https://jira.mongodb.org/