diff --git a/app-configs/rinoa/mongodb/config/keyfile.j2 b/app-configs/rinoa/mongodb/config/keyfile.j2
new file mode 100644
index 0000000..eca8822
--- /dev/null
+++ b/app-configs/rinoa/mongodb/config/keyfile.j2
@@ -0,0 +1 @@
+{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGODB_REPLICA_SET_KEY'] }}
\ No newline at end of file
diff --git a/app-configs/rinoa/mongodb/config/mongodb.conf b/app-configs/rinoa/mongodb/config/mongodb.conf
new file mode 100644
index 0000000..f5205f6
--- /dev/null
+++ b/app-configs/rinoa/mongodb/config/mongodb.conf
@@ -0,0 +1,50 @@
+# mongod.conf
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# where and how to store data.
+storage:
+  dbPath: /data/mongodb/dbs
+  directoryPerDB: true
+
+# where to write logging data.
+systemLog:
+  destination: file
+  quiet: false
+  logAppend: true
+  logRotate: reopen
+  path: /data/mongodb/logs/mongodb.log
+  verbosity: 1
+
+# network interfaces
+net:
+  port: 27017
+  unixDomainSocket:
+    enabled: true
+    pathPrefix: /data/mongodb/tmp
+  ipv6: false
+  bindIpAll: true
+  #bindIp:
+
+# replica set options
+replication:
+  replSetName: rinoa
+  enableMajorityReadConcern: true
+
+# sharding options
+#sharding:
+#clusterRole:
+
+# process management options
+processManagement:
+  fork: false
+  pidFilePath: /data/mongodb/tmp/mongodb.pid
+
+# set parameter options
+setParameter:
+  enableLocalhostAuthBypass: false
+
+# security options
+security:
+  authorization: enabled
+  keyFile: /etc/mongodb/keyfile