Database Manual / Reference / Connection Strings

Connection String Options

This page lists all connection options to connect to your database using SRV connection strings and standard connection strings.

Connection options are pairs in the following form: name=value.

The option name is case insensitive when using a driver.
The option name is case insensitive when using mongosh.
The value is always case sensitive.

Separate options with the ampersand (&) character name1=value1&name2=value2. In the following example, a connection includes the replicaSet and connectTimeoutMS options:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db1.example.net:27017,db2.example.net:2500/?replicaSet=test&connectTimeoutMS=300000

Note

Semi-colon separator for connection string arguments

To provide backwards compatibility, drivers currently accept semi-colons (;) as option separators.

Replica Set Option

The following connection string connects to a replica set named myRepl with members running on the specified hosts. It authenticates as user myDatabaseUser with the password D1fficultP%40ssw0rd:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com:27017,db1.example.com:27017,db2.example.com:27017/?replicaSet=myRepl

Connection Option Description

Connection Option	Description
`replicaSet`	Specifies the name of the replica set, if the `mongod` is a member of a replica set. Set the `replicaSet` connection option to ensure consistent behavior across drivers. When connecting to a replica set, provide a seed list of the replica set member(s) to the `host[:port]` component of the uri. For specific details, refer to your driver documentation.
`directConnection`	Specifies whether the client connects directly to the `host[:port]` in the connection URI: `true`: The client sends operations to only the specified host. It doesn't attempt to discover any other members of the replica set. `false`: The client attempts to discover all servers in the replica set, and sends operations to the primary member. This is the default value. IMPORTANT: When a replica set runs in Docker, it might expose only one MongoDB endpoint. In this case, the replica set is not discoverable, and specifying `directConnection=false` can prevent your application from connecting to it. In a test or development environment, you can connect to the replica set by specifying `directConnection=true` in your connection URI. In a production environment, we recommend configuring the cluster to make each MongoDB instance accessible outside of the Docker virtual network.

replicaSet

Specifies the name of the replica set, if the mongod is a member of a replica set. Set the replicaSet connection option to ensure consistent behavior across drivers.

When connecting to a replica set, provide a seed list of the replica set member(s) to the host[:port] component of the uri. For specific details, refer to your driver documentation.

directConnection

Specifies whether the client connects directly to the host[:port] in the connection URI:

true: The client sends operations to only the specified host. It doesn't attempt to discover any other members of the replica set.
false: The client attempts to discover all servers in the replica set, and sends operations to the primary member. This is the default value.

IMPORTANT: When a replica set runs in Docker, it might expose only one MongoDB endpoint. In this case, the replica set is not discoverable, and specifying directConnection=false can prevent your application from connecting to it.

In a test or development environment, you can connect to the replica set by specifying directConnection=true in your connection URI. In a production environment, we recommend configuring the cluster to make each MongoDB instance accessible outside of the Docker virtual network.

Connection Options

TLS Options

The following connection string to a replica set includes tls=true option. It authenticates as user myDatabaseUser with the password D1fficultP%40ssw0rd.

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&tls=true

Alternatively, you can also use the equivalent ssl=true option:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&ssl=true

Connection Option	Description
`tls`	Enables or disables TLS/SSL for the connection: `true`: Initiate the connection with TLS/SSL. Default for SRV Connection Format. `false`: Initiate the connection without TLS/SSL. Default for Standard Connection String Format. The `tls` option is equivalent to the `ssl` option. If the `mongosh` shell specifies additional tls/ssl options from the command-line, use the `--tls` command-line option instead.
`ssl`	A boolean to enable or disable TLS/SSL for the connection: `true`: Initiate the connection with TLS/SSL. Default for SRV Connection Format. `false`: Initiate the connection without TLS/SSL. Default for Standard Connection String Format. The `ssl` option is equivalent to the `tls` option. If the `mongosh` shell specifies additional tls/ssl options from the command-line, use the `--ssl` command-line option instead.
`tlsCertificateKeyFile`	Specifies the location of a local `.pem` file that contains either the client's TLS/SSL X.509 certificate or the client's TLS/SSL certificate and key. The client presents this file to the `mongod` / `mongos` instance. `mongod` / `mongos` logs a warning on connection if the presented X.509 certificate expires within `30` days of the `mongod/mongos` host system time. This option is not supported by all drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead.
`tlsCertificateKeyFilePassword`	Specifies the password to de-crypt the `tlsCertificateKeyFile`. This option is not supported by all drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead.
`tlsCAFile`	Specifies the location of a local `.pem` file that contains the root certificate chain from the Certificate Authority. This file is used to validate the certificate presented by the `mongod` / `mongos` instance. This option is not supported by all drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead.
`tlsAllowInvalidCertificates`	Bypasses validation of the certificates presented by the `mongod` / `mongos` instance Set to `true` to connect to MongoDB instances even if the server's present invalid certificates. This option is not supported by all drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead. WARNING: Disabling certificate validation creates a vulnerability.
`tlsAllowInvalidHostnames`	Disables hostname validation of the certificate presented by the `mongod` / `mongos` instance. Set to `true` to connect to MongoDB instances even if the hostname in the server certificates do not match the server's host. This option is not supported by all drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead. WARNING: Disabling certificate validation creates a vulnerability.
`tlsInsecure`	Disables various certificate validations. Set to `true` to disable certificate validations. The exact validatations disabled vary by drivers. Refer to the Drivers documentation. This connection string option is not available for the `mongo` shell. Use the command-line option instead. WARNING: Disabling certificate validation creates a vulnerability.

Timeout Options

Connection Option	Description
`connectTimeoutMS`	The time in milliseconds to attempt a connection before timing out. The default is 10,000 milliseconds, but specific drivers might have a different default. For details, see the driver documentation.
`socketTimeoutMS`	The time in milliseconds to attempt a send or receive on a socket before the attempt times out. The default is never to timeout, though different drivers might vary. See the driver documentation.

Compression Options

Connection Option Description

compressors

Comma-delimited string of compressors to enable network compression for communication between this client and a mongod / mongos instance.

You can specify the following compressors:

If you specify multiple compressors, then the order in which you list the compressors matter as well as the communication initiator. For example, if the client specifies the following network compressors "zlib,snappy" and the mongod specifies "snappy,zlib", messages between the client and the mongod uses zlib.

Messages are compressed when both parties enable network compression. Otherwise, messages between the parties are uncompressed.

If the parties do not share at least one common compressor, messages between the parties are uncompressed.

mongosh supports the uri connection string option compressors.

zlibCompressionLevel

An integer that specifies the compression level if using zlib for network compression.

You can specify an integer value ranging from -1 to 9:

Value Notes

-1

Default compression level, usually level 6 compression.

0

No compression

1 - 9

Increasing level of compression but at the cost of speed, with:

1 providing the best speed but least compression, and
9 providing the best compression but at the slowest speed.

Supported by mongosh.

Connection Pool Options

Most drivers implement some kind of connection pool handling. Some drivers do not support connection pools. See your driver documentation for more information on the connection pooling implementation. These options allow applications to configure the connection pool when connecting to the MongoDB deployment.

Connection Option	Description
`maxPoolSize`	The maximum number of connections in the connection pool. The default value is `100`.
`minPoolSize`	The minimum number of connections in the connection pool. The default value is `0`. The `minPoolSize` option is not supported by all drivers. For information on your driver, see the Drivers documentation.
`maxConnecting`	Maximum number of connections a pool may be establishing concurrently. The default value is `2`. `maxConnecting` is supported for all drivers except the Rust Driver. Raising the value of `maxConnecting` allows the client to establish connection to the server faster, but increases the chance of connection storms. If the value of `maxConnecting` is too low, your connection pool may experience heavy throttling and increased tail latency for clients checking out connections.
`maxIdleTimeMS`	The maximum number of milliseconds that a connection can remain idle in the pool before being removed and closed. This option is not supported by all drivers.
`waitQueueMultiple`	A number that the driver multiplies the `maxPoolSize` value to, to provide the maximum number of threads allowed to wait for a connection to become available from the pool. For default values, see the driver documentation. This option is not supported by all drivers.
`waitQueueTimeoutMS`	The maximum time in milliseconds that a thread can wait for a connection to become available. For default values, see the driver documentation. This option is not supported by all drivers.

Write Concern Options

Write concern describes the level of acknowledgment requested from MongoDB. The write concern option is supported by the:

You can specify the write concern both in the connection string and as a parameter to methods like insert or update. If the write concern is specified in both places, the method parameter overrides the connection-string setting.

MongoDB Atlas deployment connection strings use "majority" by default. If you don't specify write concern for an MongoDB Atlas deployment, MongoDB Atlas enforces "majority".

The following connection string to a replica set specifies "majority" write concern and a 5 second timeout using the wtimeoutMS write concern parameter:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&w=majority&wtimeoutMS=5000

Connection Option Description

Connection Option	Description
`w`	Corresponds to the write concern `w` Option. The `w` option requests acknowledgment that the write operation has propagated to a specified number of `mongod` instances or to `mongod` instances with specified tags. You can specify a `number`, the string `majority`, or a `tag set`. For details, see `w` Option.
`wtimeoutMS`	Corresponds to the write concern `wtimeout`. `wtimeoutMS` specifies a time limit, in milliseconds, for the write concern. When `wtimeoutMS` is `0`, write operations will never time out. For more information, see `wtimeout`.
`journal`	Corresponds to the write concern `j` Option option. The `journal` option requests acknowledgment from MongoDB that the write operation has been written to the journal. For details, see `j` Option. If you set `journal` to `true`, and specify a `w` value less than 1, `journal` prevails.

w

Corresponds to the write concern w Option. The w option requests acknowledgment that the write operation has propagated to a specified number of mongod instances or to mongod instances with specified tags.

You can specify a number, the string majority, or a tag set.

For details, see w Option.

wtimeoutMS

Corresponds to the write concern wtimeout. wtimeoutMS specifies a time limit, in milliseconds, for the write concern.

When wtimeoutMS is 0, write operations will never time out. For more information, see wtimeout.

journal

Corresponds to the write concern j Option option. The journal option requests acknowledgment from MongoDB that the write operation has been written to the journal. For details, see j Option.

If you set journal to true, and specify a w value less than 1, journal prevails.

For more information, see Write Concern.

readConcern Options

For the WiredTiger storage engine, MongoDB introduces the readConcern option for replica sets and replica set shards.

Read Concern allows clients to choose a level of isolation for their reads from replica sets.

The following connection string to a replica set specifies readConcernLevel=majority:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&readConcernLevel=majority

Connection Option Description

Connection Option	Description
`readConcernLevel`	The level of isolation. Can accept one of the following values: `local` `majority` `linearizable` `available` This connection string option is not available for `mongosh`. Specify the read concern as an option to the specific operation.

readConcernLevel

The level of isolation. Can accept one of the following values:

This connection string option is not available for mongosh. Specify the read concern as an option to the specific operation.

For more information, see Read Concern.

Read Preference Options

Read preferences describe the behavior of read operations with regards to replica sets. These parameters allow you to specify read preferences on a per-connection basis in the connection string.

For example:

The following connection string to a replica set specifies secondary read preference mode and a maxStalenessSeconds value of 120 seconds:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&readPreference=secondary&maxStalenessSeconds=120

The following connection string to a sharded cluster specifies secondary read preference mode and a maxStalenessSeconds value of 120 seconds:
```
mongodb://myDatabaseUser:D1fficultP%40ssw0rd@mongos1.example.com,mongos2.example.com/?readPreference=secondary&maxStalenessSeconds=120
```

The following connection string to a sharded cluster specifies secondary read preference mode as well as three readPreferenceTags:

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@mongos1.example.com,mongos2.example.com/?readPreference=secondary&readPreferenceTags=dc:ny,rack:r1&readPreferenceTags=dc:ny&readPreferenceTags=

Order matters when using multiple readPreferenceTags. The readPreferenceTags are tried in order until a match is found. Once found, that specification is used to find all eligible matching members and any remaining readPreferenceTags are ignored. For details, see Order of Tag Matching.

Connection Option Description

Connection Option	Description
`readPreference`	Specifies the read preferences for this connection. Possible values are: `primary` (Default) `primaryPreferred` `secondary` `secondaryPreferred` `nearest` Distributed transactions that contain read operations must use read preference `primary`. All operations in a given transaction must route to the same member. This connection string option is not available for the `mongo` shell. See `cursor.readPref()` and `Mongo.setReadPref()` instead.
`maxStalenessSeconds`	Specifies, in seconds, how stale a secondary can be before the client stops using it for read operations. For details, see Read Preference `maxStalenessSeconds`. By default, there is no maximum staleness and clients will not consider a secondary's lag when choosing where to direct a read operation. The minimum `maxStalenessSeconds` value is 90 seconds. Specifying a value between 0 and 90 seconds will produce an error. MongoDB drivers treat a `maxStalenessSeconds` value of `-1` as "no max staleness", the same as if `maxStalenessSeconds` is omitted.
`readPreferenceTags`	Specifies the tags document as a comma-separated list of colon-separated key-value pairs. For example, To specify the tags document `{ "dc": "ny", "rack": "r1" }`, use `readPreferenceTags=dc:ny,rack:r1` in the connection string. To specify an empty tags document `{ }`, use `readPreferenceTags=` without setting the value. To specify a list of tag documents, use multiple `readPreferenceTags`. For example, `readPreferenceTags=dc:ny,rack:r1&readPreferenceTags=`. Order matters when using multiple `readPreferenceTags`. The `readPreferenceTags` are tried in order until a match is found. For details, see Order of Tag Matching. This connection string option is not available for the `mongo` shell. See `cursor.readPref()` and `Mongo.setReadPref()` instead.

readPreference

Specifies the read preferences for this connection. Possible values are:

Distributed transactions that contain read operations must use read preference primary. All operations in a given transaction must route to the same member.

This connection string option is not available for the mongo shell. See cursor.readPref() and Mongo.setReadPref() instead.

maxStalenessSeconds

Specifies, in seconds, how stale a secondary can be before the client stops using it for read operations. For details, see Read Preference maxStalenessSeconds.

By default, there is no maximum staleness and clients will not consider a secondary's lag when choosing where to direct a read operation.

The minimum maxStalenessSeconds value is 90 seconds. Specifying a value between 0 and 90 seconds will produce an error. MongoDB drivers treat a maxStalenessSeconds value of -1 as "no max staleness", the same as if maxStalenessSeconds is omitted.

readPreferenceTags

Specifies the tags document as a comma-separated list of colon-separated key-value pairs. For example,

To specify the tags document { "dc": "ny", "rack": "r1" }, use readPreferenceTags=dc:ny,rack:r1 in the connection string.
To specify an empty tags document { }, use readPreferenceTags= without setting the value.

To specify a list of tag documents, use multiple readPreferenceTags. For example, readPreferenceTags=dc:ny,rack:r1&readPreferenceTags=.

Order matters when using multiple readPreferenceTags. The readPreferenceTags are tried in order until a match is found. For details, see Order of Tag Matching.

This connection string option is not available for the mongo shell. See cursor.readPref() and Mongo.setReadPref() instead.

For more information, see Read preferences.

Authentication Options

The following connection string to a replica set specifies the authSource to the admin database. That is, the user credentials are authenticated against the admin database.

mongodb://myDatabaseUser:D1fficultP%40ssw0rd@mongodb0.example.com:27017,mongodb1.example.com:27017,mongodb2.example.com:27017/?replicaSet=myRepl&authSource=admin

If the username or password includes the following characters, those characters must be converted using percent encoding:

$ : / ? # [ ] @

Connection Option	Description
`authSource`	Specify the database name associated with the user's credentials. If `authSource` is unspecified, `authSource` defaults to the `defaultauthdb` specified in the connection string. If `defaultauthdb` is unspecified, then `authSource` defaults to `admin`. The `PLAIN` (LDAP), `GSSAPI` (Kerberos), and `MONGODB-AWS` (IAM) authentication mechanisms require that `authSource` be set to `$external`, as these mechanisms delegate credential storage to external services. MongoDB will ignore `authSource` values if no username is provided, either in the connection string or via the `--username` parameter.
`authMechanism` Default: SCRAM-SHA-256	Specify the authentication mechanism that MongoDB uses to authenticate the connection. If you don't specify an `authMechanism` but provide user credentials, MongoDB attempts to use SCRAM-SHA-256. If this fails, it falls back to SCRAM-SHA-1. SCRAM-SHA-1 SCRAM-SHA-256 MONGODB-X509 `MONGODB-AWS` GSSAPI (Kerberos) PLAIN (LDAP SASL) `MONGODB-OIDC` (OpenID Connect OIDC). To use `MONGODB-OIDC`, you must either: Set the `authMechanismProperties` `ENVIRONMENT` variable. Provide an OIDC callback to the client constructor. Only MongoDB Enterprise `mongod` and `mongos` instances provide `GSSAPI` (Kerberos) and `PLAIN` (LDAP) mechanisms. To use `MONGODB-X509`, you must have TLS/SSL Enabled. To use `MONGODB-AWS`, you must be connecting to a MongoDB Atlas cluster which has been configured to support authentication via AWS IAM credentials (an AWS access key ID and a secret access key, and optionally an AWS session token). The `MONGODB-AWS` authentication mechanism requires that the `authSource` be set to `$external`. If the AWS access key ID, secret access key, or session token are defined on your platform by using their respective AWS IAM environment variables, `mongosh` will use these environment variable values to authenticate automatically. You do not need to specify them in the connection string. There are other methods to provide AWS credentials depending on your deployment environment and security requirements. See Connect to an Atlas Cluster for example usage of the `MONGODB-AWS` authentication mechanism. See Authentication on Self-Managed Deployments for more information about the authentication system in MongoDB. Also consider Use X.509 Certificates to Authenticate Clients on Self-Managed Deployments for more information on x509 authentication.
`authMechanismProperties`	Specify properties for the specified `authMechanism` as a comma-separated list of colon-separated key-value pairs. Possible key-value pairs are: `SERVICE_NAME:<string>` Set the Kerberos service name when connecting to Kerberized MongoDB instances. This value must match the service name set on MongoDB instances to which you are connecting. Only valid when using the GSSAPI authentication mechanism. `SERVICE_NAME` defaults to `mongodb` for all clients and MongoDB instances. If you change the `saslServiceName` setting on a MongoDB instance, you must set `SERVICE_NAME` to match that setting. Only valid when using the GSSAPI authentication mechanism. `CANONICALIZE_HOST_NAME:true\|false` Canonicalize the hostname of the client host machine when connecting to the Kerberos server. This may be required when hosts report different hostnames than what is in the Kerberos database. Defaults to `false`. Only valid when using the GSSAPI authentication mechanism. `SERVICE_REALM:<string>` Set the Kerberos realm for the MongoDB service. This may be necessary to support cross-realm authentication where the user exists in one realm and the service in another. Only valid when using the GSSAPI authentication mechanism. `AWS_SESSION_TOKEN:<security_token>` Set the AWS session token for authentication with temporary credentials when using an AssumeRole request, or when working with AWS resources that specify this value such as Lambda. Only valid when using the `MONGODB-AWS` authentication mechanism. You must have an AWS access key ID and a secret access key as well. See Connect to an Atlas Cluster for example usage. `ENVIRONMENT:<string>` Set the OpenID Connect (OIDC) environment. For: Microsoft Azure, set `ENVIRONMENT:azure` Google Cloud Platform, set `ENVIRONMENT:gcp` You must also set `authMechanism` to `MONGODB-OIDC`.
`gssapiServiceName`	Set the Kerberos service name when connecting to Kerberized MongoDB instances. This value must match the service name set on MongoDB instances to which you are connecting. `gssapiServiceName` defaults to `mongodb` for all clients and MongoDB instances. If you change `saslServiceName` setting on a MongoDB instance, you must set `gssapiServiceName` to match that setting. `gssapiServiceName` is a deprecated aliases for `authMechanismProperties=SERVICE_NAME:mongodb`. For more information on which options your driver supports and their relative priority to each other, reference the documentation for your preferred driver version.

Server Selection and Discovery Options

MongoDB provides the following options to configure how MongoDB drivers and mongos instances select a server to which to direct read or write operations.

Connection Option	Description
`localThresholdMS`	The size (in milliseconds) of the latency window for selecting among multiple suitable MongoDB instances. Default: 15 milliseconds. All drivers use `localThresholdMS`. Use the `localThreshold` alias when specifying the latency window size to `mongos`.
`serverSelectionTimeoutMS`	Specifies how long (in milliseconds) to block for server selection before throwing an exception. Default: 30,000 milliseconds.
`serverSelectionTryOnce`	Single-threaded drivers only. When `true`, instructs the driver to scan the MongoDB deployment exactly once after server selection fails and then either select a server or raise an error. When `false`, the driver blocks and searches for a server up to the `serverSelectionTimeoutMS` value. Default: `true`. Multi-threaded drivers and `mongos` do not support `serverSelectionTryOnce`.
`heartbeatFrequencyMS`	`heartbeatFrequencyMS` controls when the driver checks the state of the MongoDB deployment. Specify the interval (in milliseconds) between checks, counted from the end of the previous check until the beginning of the next one. Default: Single-threaded drivers: 60 seconds. Multi-threaded drivers: 10 seconds. `mongos` does not support changing the frequency of the heartbeat checks.
`socketCheckIntervalMS`	Single-threaded clients only. Controls how often the client checks the state of the TCP connection to the MongoDB deployment. If you specify a lower value, the client detects network issues faster but uses more CPU. Default: 5 seconds. This option is not supported by all drivers. Refer to the Drivers documentation.

Miscellaneous Configuration

Connection Option	Description
`appName`	Specify a custom app name. The app name appears in: `mongod` and `mongos` logs the `currentOp.appName` field in the `currentOp` command and `db.currentOp()` method output the `system.profile.appName` field in the database profiler output The `appName` connection option is available for: MongoDB Drivers `mongosh` starting in `mongosh` 1.1.9 MongoDB Compass starting in Compass 1.28.4
`retryReads`	Enables retryable reads. Possible values are: `true`. Enables retryable reads for the connection. Official MongoDB drivers default to `true`. `false`. Disables retryable reads for the connection. `mongosh` does not support retryable reads.
`retryWrites`	Enable retryable writes. Possible values are: `true`. Enables retryable writes for the connection. Official MongoDB drivers default to `true`. `false`. Disables retryable writes for the connection. MongoDB drivers retry transaction commit and abort operations regardless of the value of `retryWrites`. For more information on transaction retryability, see Transaction Error Handling.
`uuidRepresentation`	Possible values are: `standard` The standard binary representation. `csharpLegacy` The default representation for the C# driver. `javaLegacy` The default representation for the Java driver. `pythonLegacy` The default representation for the Python driver. For the default, see the Drivers documentation for your driver. Not all drivers support the `uuidRepresentation` option. For information on your driver, see the drivers documentation.
`loadBalanced`	Specifies whether the client is connecting to a load balancer. This option is `false` by default. You can set this option to `true` only if you meet the following requirements: You specify only one host name. You aren't connecting to a replica set. The `srvMaxHosts` option is unset or has a value of `0`. The `directConnection` option is unset or has a value of `false`.
`srvMaxHosts`	Specifies the number of `mongos` connections that can be created for sharded topologies. Set this option to a non-negative integer. `0` is the default value and means there is no limit on the number of `mongos` connections.

Back

Connection Strings

Formats