The main Homebrew repository no longer includes MongoDB due to licensing changes made by MongoDB Inc. So to install MongoDB-related tools (like mongosh, mongodb-community, or mongod), we need to use their own tap (mongodb/brew), which contains these formulas.
Tap is a package source (formula repository).
Let's add tap maintained by MongoDB to our local Homebrew setup:
% brew tap mongodb/brew
To install mongo shell:
% brew install mongosh
Verification:
% mongosh --version
2.5.3
If we now run it with no arguments, it will try to connect to the local instance:
% mongosh
Current Mongosh Log ID: 6853eadee32b5e6cd3cc5d2f
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.5.3
MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017
Let's explore the arguments:
% mongosh --help
$ mongosh [options] [db address] [file names (ending in .js or .mongodb)]
Options:
-h, --help Show this usage information
-f, --file [arg] Load the specified mongosh script
--host [arg] Server to connect to
--port [arg] Port to connect to
--build-info Show build information
--version Show version information
--quiet Silence output from the shell during the connection process
--shell Run the shell after executing files
--nodb Don't connect to mongod on startup - no 'db address' [arg] expected
--norc Will not run the '.mongoshrc.js' file on start up
--eval [arg] Evaluate javascript
--json[=canonical|relaxed] Print result of --eval as Extended JSON, including errors
--retryWrites[=true|false] Automatically retry write operations upon transient network errors (Default: true)
Authentication Options:
-u, --username [arg] Username for authentication
-p, --password [arg] Password for authentication
--authenticationDatabase [arg] User source (defaults to dbname)
--authenticationMechanism [arg] Authentication mechanism
--awsIamSessionToken [arg] AWS IAM Temporary Session Token ID
--gssapiServiceName [arg] Service name to use when authenticating using GSSAPI/Kerberos
--sspiHostnameCanonicalization [arg] Specify the SSPI hostname canonicalization (none or forward, available on Windows)
--sspiRealmOverride [arg] Specify the SSPI server realm (available on Windows)
TLS Options:
--tls Use TLS for all connections
--tlsCertificateKeyFile [arg] PEM certificate/key file for TLS
--tlsCertificateKeyFilePassword [arg] Password for key in PEM file for TLS
--tlsCAFile [arg] Certificate Authority file for TLS
--tlsAllowInvalidHostnames Allow connections to servers with non-matching hostnames
--tlsAllowInvalidCertificates Allow connections to servers with invalid certificates
--tlsCertificateSelector [arg] TLS Certificate in system store (Windows and macOS only)
--tlsCRLFile [arg] Specifies the .pem file that contains the Certificate Revocation List
--tlsDisabledProtocols [arg] Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2]
--tlsFIPSMode Enable the system TLS library's FIPS mode
API version options:
--apiVersion [arg] Specifies the API version to connect with
--apiStrict Use strict API version mode
--apiDeprecationErrors Fail deprecated commands for the specified API version
FLE Options:
--awsAccessKeyId [arg] AWS Access Key for FLE Amazon KMS
--awsSecretAccessKey [arg] AWS Secret Key for FLE Amazon KMS
--awsSessionToken [arg] Optional AWS Session Token ID
--keyVaultNamespace [arg] database.collection to store encrypted FLE parameters
--kmsURL [arg] Test parameter to override the URL of the KMS endpoint
OIDC auth options:
--oidcFlows[=auth-code,device-auth] Supported OIDC auth flows
--oidcRedirectUri[=url] Local auth code flow redirect URL [http://localhost:27097/redirect]
--oidcTrustedEndpoint Treat the cluster/database mongosh as a trusted endpoint
--oidcIdTokenAsAccessToken Use ID tokens in place of access tokens for auth
--oidcDumpTokens[=mode] Debug OIDC by printing tokens to mongosh's output [redacted|include-secrets]
--oidcNoNonce Don't send a nonce argument in the OIDC auth request
DB Address Examples:
foo Foo database on local machine
192.168.0.5/foo Foo database on 192.168.0.5 machine
192.168.0.5:9999/foo Foo database on 192.168.0.5 machine on port 9999
mongodb://192.168.0.5:9999/foo Connection string URI can also be used
File Names:
A list of files to run. Files must end in .js and will exit after unless --shell is specified.
Examples:
Start mongosh using 'ships' database on specified connection string:
$ mongosh mongodb://192.168.0.5:9999/ships
For more information on usage: https://mongodb.com/docs/mongodb-shell.
To test connection:
% mongosh "mongodb://myuser:pass@mongo0.example.com:27017,mongo1.example.com:27017,mongo2.example.com:27017"
Current Mongosh Log ID: 6853ed1a745676a15bb62b1f
Connecting to: mongodb://<credentials>@mongo0.example.com:27017,mongo1.example.com:27017,mongo2.example.com:27017/?appName=mongosh+2.5.3
Using MongoDB: 8.0.8-3
Using Mongosh: 2.5.3
For mongosh info see: https://www.mongodb.com/docs/mongodb-shell/
To help improve our products, anonymous usage data is collected and sent to MongoDB periodically (https://www.mongodb.com/legal/privacy-policy).
You can opt-out by running the disableTelemetry() command.
------
The server generated these startup warnings when booting
2025-06-11T15:17:19.361+00:00: While invalid X509 certificates may be used to connect to this server, they will not be considered permissible for authentication
------
[mongos] test>
To test if this is a master cluster:
[mongos] test> db.runCommand({ isMaster: 1 })
{
ismaster: true,
msg: 'isdbgrid',
topologyVersion: {
processId: ObjectId('68499daa6d644d093f3230a7'),
counter: Long('0')
},
maxBsonObjectSize: 16777216,
maxMessageSizeBytes: 48000000,
maxWriteBatchSize: 100000,
localTime: ISODate('2025-06-19T10:58:20.543Z'),
logicalSessionTimeoutMinutes: 30,
connectionId: 7122158,
maxWireVersion: 25,
minWireVersion: 0,
ok: 1,
'$clusterTime': {
clusterTime: Timestamp({ t: 1750330700, i: 1 }),
signature: {
hash: Binary.createFromBase64('2yaQ2MNlRYg3aXYhfRzQ4jxXIA0=', 0),
keyId: Long('7511354796578701336')
}
},
operationTime: Timestamp({ t: 1750330700, i: 1 })
}
To issue hello command (which returns a document that describes the role of the mongod instance):
[mongos] test> db.runCommand({ hello: 1 })
{
isWritablePrimary: true,
msg: 'isdbgrid',
topologyVersion: {
processId: ObjectId('68499d52d772b382ee78bcc8'),
counter: Long('0')
},
maxBsonObjectSize: 16777216,
maxMessageSizeBytes: 48000000,
maxWriteBatchSize: 100000,
localTime: ISODate('2025-06-19T10:58:43.289Z'),
logicalSessionTimeoutMinutes: 30,
connectionId: 7126567,
maxWireVersion: 25,
minWireVersion: 0,
ok: 1,
'$clusterTime': {
clusterTime: Timestamp({ t: 1750330723, i: 1 }),
signature: {
hash: Binary.createFromBase64('4en7J3oSF9fRGUUOHmkq4icWsOQ=', 0),
keyId: Long('7511354796578701336')
}
},
operationTime: Timestamp({ t: 1750330723, i: 1 })
}
[mongos] test>
