If the replica set already exists, you need to find the primary node, add the user with the root role, and for each database add the user with the admin / writeAndRead / read role and / or add the admin user for all the databases.
use admin db.createUser({ user: "rootUser", pwd: "rootPass", roles: [ { role: "root", db: "admin" } ] }) db.createUser({ user: "admin", pwd: "adminPass", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] }) use otherDb db.createUser({ user: "rwUser", pwd: "rwUserPass", roles: [{ role: "readWrite", db: "otherDb" }] })
Wait until all replica nodes are synchronized. Set auth = yes for each mongod.conf file (this will force each client to use user / pass).
If you want to (optionally) add a key element to provide additional security steps between all replica sets, you can create this file, copy between each node and include the keyFile parameter inside each mongod.conf file, but this is only to force the collection nodes replicas know the secret between them and start talking, not for client applications.
Finally, restart the primary node, wait for new primary selections, and continue to restart all nodes within the replica set.
Some useful links to create a secret key file http://docs.mongodb.org/v2.6/tutorial/deploy-replica-set-with-auth/#create-the-key-file-to-be-used-by -each-member-of-the-replica-set and more details on the mongodb v2.6 version http://docs.mongodb.org/v2.6/tutorial/deploy-replica-set-with-auth/#create -the-key-file-to-be-used-by-each-member-of-the-replica-set