Use mysql_config_editor for passwords
ubellavance opened this issue · 2 comments
Use Case
I'm not sure if that could apply to root password, but it would be useful to be able to create .my.cnf files with encrypted passwords with mysql_config_editor. Would definitely be useful for backup scripts. This would allow a scenario where no cleartext passwords are stored on the server by puppet (but Puppet would still be able to run as the root MySQL user)
Describe the Solution You Would Like
Allow a user to have a boolean parameter to determine whether to create an encrypted .my.cnf in the user's home directory or not. Ideally, this would be the default for backup tasks created by the module (and remove passwords from scripts or crontabs).
Unfortunately Mariadb does not support mysql_config_editor. for essentially "obscurity is not security" reasons.
Because the passwords are easily reversible, storing the password in plain text vs obfuscated offers no benefits. Using appropriately restrictive file permissions is the current best practice.
Thanks for the precision, it's greatly appreciated.