Where Do Your Database Credentials Actually Live? Inside Mongon's Security Architecture
A database client holds the keys to your most sensitive infrastructure. You should know exactly what it does with them. This is a plain-language tour of how Mongon connects, what it stores, where it stores it, and what leaves your device — with the honest caveats included.
The Short Version
- Mongon connects directly from your device to your database. There is no Mongon server in the middle — we don't run any.
- TLS/SSL, SSH tunneling (password or private key), and SCRAM authentication protect the connection itself.
- Saved connections live on-device in the app's sandboxed container, and — if you enable sync — in your private iCloud database that only your Apple ID can access.
- No account, no signup, no credential ever touches infrastructure we operate.
- Usage analytics are feature counters — never queries, results, hostnames, or credentials.
The Data Path: Your Device, Your Database, Nothing Else
Many database tools with sync or collaboration features route traffic — or at least metadata — through their own cloud. That widens your attack surface: a breach of the vendor becomes a breach of you.
Mongon is architected so this category of risk doesn't exist. The app speaks the MongoDB wire protocol, the PostgreSQL protocol, and RESP directly, using native Swift drivers. When you run a query, packets travel from your Mac to your database server and back. There is no proxy, no relay, no "Mongon Cloud" — not as a policy, but as an architecture. We couldn't intercept your traffic if we wanted to, because there is nothing of ours for it to pass through.
Encryption on the Wire
Three mechanisms protect the connection itself:
- TLS/SSL — enable it per connection, or use a
mongodb+srv://string (Atlas connections negotiate TLS automatically). PostgreSQL and Redis connections support TLS the same way. - SSH tunneling — for databases behind a bastion host, Mongon opens an SSH tunnel first and connects through it. Both password and private-key authentication are supported, including key passphrases.
- SCRAM authentication — MongoDB connections authenticate with SCRAM challenge-response, so your password is never sent as plaintext at the protocol level.
Where Saved Connections Live on Your Mac
Mongon is a Mac App Store app, which means it runs inside the macOS App Sandbox. Your saved connections are stored in the app's private, sandboxed container — a directory other apps cannot read. On top of that, virtually every modern Mac encrypts the whole disk with FileVault, so the data is encrypted at rest along with everything else on your machine.
The sandbox cuts both ways, and that's the point: it also limits what Mongon itself can touch. The app can open network connections to your databases and read the files you explicitly hand it (an import, an SSH key you select) — and nothing else on your system.
iCloud Sync, Honestly
If you enable sync (a premium feature), your saved connections replicate across your Macs and iPhone through CloudKit — specifically, through your private CloudKit database. Private means exactly that: it belongs to your Apple ID, and no one else — including us — can query it. Mongon has no visibility into what syncs; the data moves between your devices and Apple's infrastructure.
Here is the honest caveat most marketing pages skip: under Apple's standard data protection, this data is encrypted in transit and at rest, but Apple holds the decryption keys — that's what makes iCloud data recovery possible. If you want true end-to-end encryption, enable Advanced Data Protection on your Apple account. With it on, the keys live only on your devices, and neither Apple nor anyone else can decrypt your synced data.
And if you'd rather nothing sync at all: leave sync off. Connections then never leave your device, full stop.
No Account, No Servers, No Custody
You never create a Mongon account. There is no login, no email capture, no token of ours sitting next to your credentials. Purchases and refunds are handled by the App Store; sync is handled by your iCloud account. The result is a simple invariant: your credentials never touch infrastructure we operate — because we don't operate any.
What We Do Collect
Mongon sends anonymous usage analytics so we know which features earn their keep — events like aggregate_run or connection_connected, with properties like the database type (MongoDB vs PostgreSQL), whether SSH was used, and how long the connection took.
What analytics never include: your queries, your results, document contents, database names, hostnames, usernames, or passwords. The events are counters, not content. The full details are in our privacy policy.
Reviewed, Sandboxed, Notarized
Because Mongon ships exclusively through the Mac App Store and the iOS App Store, every build goes through Apple's review and runs sandboxed on your machine. You don't have to trust a random notarized download from the internet — the distribution chain is Apple's.
Questions about any of this? We answer security questions directly — get in touch.
Try Mongon — no account required
A native Mac + iPhone client for MongoDB, PostgreSQL, and Redis that connects straight to your database.
Download Mongon