I am investigating NoSQL Technologies for use in a project and Azure Cosmos Mongo API has arisen as an option. As part of Microsofts recommended architecture there is a Resource broker component middleware which retains ownership of the CosmosDB Master access key, and that can generate/distribute resource tokens for finer-grained access to consuming clients.
The documentation does not seem to allude to the Mongo API anywhere however and I cannot find information anywhere about it, is this pattern not available for the Cosmos Mongo API database? If that is the case, and Cosmos Mongo API requires access simply to a Master key, how would fine-grained access control and least privilege access be able to work?
There is an alternative question on Stackoverflow around creation of resource tokens but I would want to use an ORM such as mongoose in order to connect to CosmosDB with a resource token to avoid having to distribute Master keys out to many services.
Any answers greatly appreciated!
Resource Tokens are not possible with MongoDB API for Cosmos DB because MongoDB clients do not understand what to do with these. If you are looking at using Cosmos DB as a managed NoSQL database I recommend using the Core (SQL) API.
For more information on this see, Resource Tokens. There are also two reference implementations for token brokers, a Xamarin sample app and another built by Citrix.
Hope this is helpful.