Story #15751: Manage specials characters in MongoDB passwords.

deployment/roles/init_app_bdd/tasks/check_auth.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Check if authent is enabled
-  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
   register: mongo_authent_enabled
   failed_when: false
   no_log: "{{ hide_passwords_during_deploy }}"
@@ -27,7 +27,7 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet"
+    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet"
   when: "mongo_authent_enabled.rc == 0"
   no_log: "{{ hide_passwords_during_deploy }}"
 

deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Check if authent is enabled
-  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
   register: mongo_authent_enabled
   failed_when: false
   no_log: "{{ hide_passwords_during_deploy }}"
@@ -27,7 +27,7 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet"
+    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet"
   when: "mongo_authent_enabled.rc == 0"
   no_log: "{{ hide_passwords_during_deploy }}"
 

deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Check if authent is enabled
-  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
   register: mongo_authent_enabled
   failed_when: false
   no_log: "{{ hide_passwords_during_deploy }}"
@@ -27,7 +27,7 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet"
+    mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet"
   when: "mongo_authent_enabled.rc == 0"
   no_log: "{{ hide_passwords_during_deploy }}"
 

deployment/roles/mongo-express/templates/env.sh.j2

@@ -4,7 +4,7 @@ ME_CONFIG_MONGODB_PORT="{{ mongodb.mongod_port }}"
 ME_CONFIG_SITE_BASEURL="{{ mongo_express.baseuri | default('/') }}"
 ME_CONFIG_MONGODB_ENABLE_ADMIN="true"
 ME_CONFIG_MONGODB_ADMINUSERNAME="{{ mongodb.admin.user }}"
-ME_CONFIG_MONGODB_ADMINPASSWORD="{{ mongodb.admin.password }}"
+ME_CONFIG_MONGODB_ADMINPASSWORD="{{ mongodb.admin.password | urlencode | regex_replace('/', '%2F') }}"
 VCAP_APP_HOST="{{ ip_admin }}"
 VCAP_APP_PORT="{{ mongo_express.port | default('8081') }}"
 {% if mongo_express.basicauth.username != '' %}

deployment/roles/mongo/tasks/check_auth.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Check if authent is enabled
-  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+  command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
   register: mongo_authent_enabled
   failed_when: false
   no_log: "{{ hide_passwords_during_deploy }}"
@@ -17,7 +17,7 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}"
+    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet"
     mongo_no_auth: false
   when: mongo_authent_enabled.rc == 0
   no_log: "{{ hide_passwords_during_deploy }}"

deployment/roles/mongo/templates/keyfile.j2

@@ -1 +1 @@
-{{ mongodb.passphrase }}
+{{ mongodb.passphrase | b64encode }}

deployment/roles/mongo/templates/local-user.js.j2

@@ -31,7 +31,7 @@ if (!admin.getUser("{{ mongodb.localadmin.user }}")) {
     admin.createUser(
         {
             user: "{{ mongodb.localadmin.user }}",
-            pwd: "{{ mongodb.localadmin.password }}",
+            pwd: {{ mongodb.localadmin.password | to_json }},
             roles: [
                 { role: "clusterAdmin", db: "admin" },
                 { role: "dbAdmin", db: "logbook" },
@@ -47,7 +47,7 @@ if (!admin.getUser("{{ mongodb.localadmin.user }}")) {
     admin.updateUser(
         "{{ mongodb.localadmin.user }}",
         {
-            pwd: "{{ mongodb.localadmin.password }}",
+            pwd: {{ mongodb.localadmin.password | to_json }},
             roles: [
                 { role: "clusterAdmin", db: "admin" },
                 { role: "dbAdmin", db: "logbook" },

deployment/roles/mongo/templates/restore-mongod.js.j2

@@ -7,13 +7,13 @@
 use admin
 
 // Authenticate as root user
-db.auth("{{ mongodb.admin.user }}", "{{ mongodb.admin.password }}")
+db.auth("{{ mongodb.admin.user }}", {{ mongodb.admin.password | to_json }})
 
 // Create system user
-db.createUser({user: "{{ mongodb.system.user }}", pwd: "{{ mongodb.system.password }}", roles: [ "__system" ]})
+db.createUser({user: "{{ mongodb.system.user }}", pwd: {{ mongodb.system.password | to_json }}, roles: [ "__system" ]})
 
 // Authenticate as system user
-db.auth("{{ mongodb.system.user }}", "{{ mongodb.system.password }}")
+db.auth("{{ mongodb.system.user }}", {{ mongodb.system.password | to_json }})
 
 // Update system.version collections
 db.system.version.deleteOne( { "_id": "minOpTimeRecovery" } )
@@ -40,7 +40,7 @@ db.dropDatabase()
 // Remove system user
 use admin
 // Authenticate as root user
-db.auth("{{ mongodb.admin.user }}","{{ mongodb.admin.password }}")
+db.auth("{{ mongodb.admin.user }}", {{ mongodb.admin.password | to_json }})
 db.removeUser("{{ mongodb.system.user }}")
 
 

deployment/roles/mongo_backup/tasks/set_auth.yml

@@ -12,5 +12,5 @@
 
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: " -u {{ login }} -p {{ password }} --quiet"
+    mongo_credentials: " -u {{ login }} -p {{ password | quote }} --quiet"
   no_log: true

deployment/roles/mongo_configure/tasks/main.yml

@@ -3,7 +3,7 @@
 - name: Set mongo connection & credentials
   set_fact:
     mongo_connection: "--host {{ ip_service }} --port {{ mongodb.mongod_port }} --quiet"
-    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}"
+    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }}"
   no_log: "{{ hide_passwords_during_deploy }}"
   tags: update_mongodb_configuration
 

deployment/roles/mongo_init/tasks/check_auth.yml

@@ -7,7 +7,7 @@
 
 - block:
     - name: Check if authentication is enabled
-      command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+      command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
       register: mongo_authent_enabled
       failed_when: false
       no_log: "{{ hide_passwords_during_deploy }}"
@@ -20,7 +20,7 @@
 
 - block:
     - name: Check if authentication is enabled (docker)
-      shell: "docker exec {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'\""
+      shell: "docker exec {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'\""
       failed_when: false
       register: mongo_authent_enabled
 
@@ -33,6 +33,6 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --authenticationDatabase {{ mongodb.admin.db }}"
+    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --authenticationDatabase {{ mongodb.admin.db }}"
   when: not mongo_no_auth
   no_log: "{{ hide_passwords_during_deploy }}"

deployment/roles/mongo_restore/tasks/set_auth.yml

@@ -13,5 +13,5 @@
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
-    mongo_credentials: " -u {{ login }} -p {{ password }} --quiet"
+    mongo_credentials: " -u {{ login }} -p {{ password | quote }} --quiet"
   no_log: true

deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml

@@ -19,7 +19,7 @@
     mode: "{{ vitamui_defaults.folder.conf_permission }}"
 
 - name: "Check compatibility version with mongo {{ mongo_compatibility_list }}"
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_compatibility_version.js"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_compatibility_version.js"
   no_log: "{{ hide_passwords_during_deploy }}"
   ignore_errors: true # To properly catch output on the next task
   register: output_compatibility_version

deployment/roles/mongodb_check_replica_state/tasks/main.yml

@@ -9,7 +9,7 @@
     mode: "{{ vitamui_defaults.folder.conf_permission }}"
 
 - name: Check replica state
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_replica_state.js"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_replica_state.js"
   no_log: "{{ hide_passwords_during_deploy }}"
   ignore_errors: true # To properly catch output on the next task
   register: output_replica_state

deployment/roles/mongodb_migration_v5/tasks/reconfig.yml

@@ -2,7 +2,7 @@
 
 # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output
 - name: Check if the member is primary of the replicaset or not
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.isMaster().ismaster'"
   register: primary_test_command
   no_log: "{{ hide_passwords_during_deploy }}"
 
@@ -16,7 +16,7 @@
   when: primary_test_command.stdout == 'true'
 
 - name: "Reconfigure replicaset for {{ mongo_type }}"
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/{{ mongo_type }}/reconfig.js"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/{{ mongo_type }}/reconfig.js"
   no_log: "{{ hide_passwords_during_deploy }}"
   when:
     - primary_test_command.stdout == 'true'

deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml

@@ -19,5 +19,5 @@
     mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}"
 
 - name: "Set_feature_compatibility to {{ mongo_version }}"
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/mongod/set_feature_compatibility.js"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/mongod/set_feature_compatibility.js"
   no_log: "{{ hide_passwords_during_deploy }}"

deployment/roles/mongodb_set_members_groups/tasks/main.yml

@@ -2,7 +2,7 @@
 
 # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output
 - name: Check if the member is primary of the replicaset or not
-  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'"
+  command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.isMaster().ismaster'"
   register: primary_test_command
   no_log: "{{ hide_passwords_during_deploy }}"
 
@@ -18,4 +18,3 @@
     is_primary: false
   when:
     - primary_test_command.stdout != 'true'
-

deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml

@@ -18,12 +18,12 @@
   - block:
     # https://www.mongodb.com/docs/manual/reference/method/rs.stepDown/
     - name: Step down the member (elect a new primary member)
-      command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.stepDown();'"
+      command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.stepDown();'"
       no_log: "{{ hide_passwords_during_deploy }}"
       ignore_errors: true # as we are brutally disconnected by the server (because reboot)
 
     - name: Wait until this member is not primary anymore
-      command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js"
+      command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js"
       no_log: "{{ hide_passwords_during_deploy }}"
       ignore_errors: true # To properly catch output on the next task
       register: output_not_master
@@ -38,7 +38,7 @@
       - groups['hosts_vitamui_mongod'] | length > 1
 
   - name: Graceful shutdown of node
-    command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js"
+    command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js"
     no_log: "{{ hide_passwords_during_deploy }}"
     ignore_errors: true # as we are brutally disconnected by the server (because of shutdown)
 
@@ -92,7 +92,7 @@
       timeout: "{{ vitamui_defaults.services.start_timeout }}"
 
   - name: Wait for node to join the cluster and reach "secondary" or "primary" status
-    command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js"
+    command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js"
     no_log: "{{ hide_passwords_during_deploy }}"
     ignore_errors: true # To properly catch output on the next task
     register: output_node_state

deployment/roles/reinit_security_certificates/tasks/main.yml

@@ -13,7 +13,7 @@
 - name: Set Mongo URI and credentials
   set_fact:
     mongod_uri: "{{ mongo_nodes | join(',') }}"
-    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet"
+    mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet"
   no_log: "{{ hide_passwords_during_deploy }}"
 
 - name: Compute security.populate_certificates script

deployment/roles/vitamui/templates/archive-search/application.yml.j2

@@ -15,7 +15,7 @@ spring:
         instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port}
   data:
     mongodb:
-      uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}
+      uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}
 
 cas.tenant.identifier: {{ vitamui_platform_informations.cas_tenant }}
 

deployment/roles/vitamui/templates/cas-server/application.yml.j2

@@ -102,10 +102,10 @@ cas.server.prefix: {{ url_prefix }}/cas
 {% endif %}
 login.url: ${cas.server.prefix}/login
 
-cas.service-registry.mongo.client-uri: "mongodb://{{ mongodb.cas.user }}:{{ mongodb.cas.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port | default(27017) }}/{{ mongodb.cas.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}"
+cas.service-registry.mongo.client-uri: "mongodb://{{ mongodb.cas.user }}:{{ mongodb.cas.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port | default(27017) }}/{{ mongodb.cas.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}"
 cas.service-registry.mongo.collection: services
 cas.service-registry.mongo.user-id: {{ mongodb.cas.user }}
-cas.service-registry.mongo.password: {{ mongodb.cas.password }}
+cas.service-registry.mongo.password: {{ mongodb.cas.password | quote }}
 
 cas.authn.surrogate.separator: ","
 cas.authn.surrogate.sms.attribute-name: fakeNameToBeSureToFindNoAttributeAndNeverSendAnSMS

deployment/roles/vitamui/templates/collect/application.yml.j2

@@ -15,7 +15,7 @@ spring:
         instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port}
   data:
     mongodb:
-      uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}
+      uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}
   servlet:
     multipart:
       max-file-size: -1

deployment/roles/vitamui/templates/iam/application.yml.j2

@@ -15,7 +15,7 @@ spring:
         instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port}
   data:
     mongodb:
-      uri: "mongodb://{{ mongodb.iam.user }}:{{ mongodb.iam.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.iam.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}"
+      uri: "mongodb://{{ mongodb.iam.user }}:{{ mongodb.iam.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.iam.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}"
 
 logging:
   config: {{ vitamui_folder_conf }}/logback.xml