diff --git a/README.md b/README.md
index 6acef22..36cc7ca 100644
--- a/README.md
+++ b/README.md
@@ -206,7 +206,7 @@ type MongoServiceOptions = {
   type: 'MONGO';
   serviceName: string;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
+  password?: pulumi.Input<string>;
   port?: pulumi.Input<number>;
   size?: pulumi.Input<Size>;
   tags?: pulumi.Input<{
@@ -586,7 +586,7 @@ export type MongoArgs = {
   vpcCidrBlock: pulumi.Input<string>;
   privateSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
+  password?: pulumi.Input<string>;
   port?: pulumi.Input<number>;
   size?: pulumi.Input<Size>;
   tags?: pulumi.Input<{
@@ -595,6 +595,10 @@ export type MongoArgs = {
 };
 ```
 
+If the password is not specified it will be autogenerated.
+The mongo password is stored as a secret inside AWS Secret Manager.
+The secret will be available on the `Mongo` resource as `passwordSecret`.
+
 ### Ecs Service
 
 AWS ECS Fargate.
diff --git a/src/components/mongo.ts b/src/components/mongo.ts
index 83390f4..7bcf14d 100644
--- a/src/components/mongo.ts
+++ b/src/components/mongo.ts
@@ -1,5 +1,6 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
+import * as random from '@pulumi/random';
 import { commonTags } from '../constants';
 import { EcsService, EcsServiceArgs } from './ecs-service';
 
@@ -12,10 +13,10 @@ export type MongoArgs = Pick<
    */
   username: pulumi.Input<string>;
   /**
-   * Password for the master DB user.
+   * Password for the master DB user. If not specified it will be autogenerated.
    * The value will be stored as a secret in AWS Secret Manager.
    */
-  password: pulumi.Input<string>;
+  password?: pulumi.Input<string>;
   privateSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
   /**
    * Exposed service port. Defaults to 27017.
@@ -40,7 +41,9 @@ export class Mongo extends pulumi.ComponentResource {
     const { username, password, privateSubnetIds, ...ecsServiceArgs } = args;
 
     this.name = name;
-    this.passwordSecret = this.createPasswordSecret(password);
+
+    const mongoPassword = password || this.createRandomPassword();
+    this.passwordSecret = this.createPasswordSecret(mongoPassword);
 
     this.service = new EcsService(
       name,
@@ -75,6 +78,16 @@ export class Mongo extends pulumi.ComponentResource {
     this.registerOutputs();
   }
 
+  private createRandomPassword() {
+    const password = new random.RandomPassword(`${this.name}-mongo-password`, {
+      length: 16,
+      overrideSpecial: '_%$',
+      special: true,
+    });
+
+    return password.result;
+  }
+
   private createPasswordSecret(password: MongoArgs['password']) {
     const project = pulumi.getProject();
     const stack = pulumi.getStack();