user2613396

Reputation: 13

Securing backup credentials for MySQLDump

I want to use MySQLDump to back up the db on a weekly basis using a cron job. I don't want to hardcode the credentials in the shell script. The MySQL db version is 5.1, so mysql-config-editor is not available. I am aware of the options file, which I can secure using Linux file permissions of 600. Is there a way to encrypt the credentials and make them unreadable?

Upvotes: 1

Views: 2076

Answers (2)

Steven Benjamin

Reputation: 115

The latest version of MySQL 5.6 addresses this problem. You can now encrypt the password for a command line login using mysql_config_editor.

Upvotes: 0

Tim Kuijsten

Reputation: 58

> Is there a way to encrypt the credentials and make them unreadable?

Ask yourself who you want to protect the file from and why encryption is going to help besides normal file permissions.

If you are going to encrypt the file containing the password, you have to make sure that the legitimate backup process has access to the encryption keys so it can read the password from the file. Then you have to make sure all the other processes don't have access to those keys.

Since this further complicates things, this increases the risk of a leak without adding much security on top of the basic file system security model. So I would recommend sticking with the right ownership and file permissions on the .my.cnf file.

Further reading: http://benlog.com/articles/2012/04/30/encryption-is-not-gravy/

I personally run mysqldump daily as root via cron. In order to break this, an attacker needs to break basic file system privileges before it can access /root/.my.cnf (mode is 600 and owned by root). If an attacker is able to do that, he probably can directly access the database files as well, so an encrypted password file wouldn't have helped here.

You can also set up a dedicated system user for the sole purpose of running mysqldump as long as the mode on ~/.my.cnf is 600 and the ownership is set to that system user.

P.S. This is the mysql backup script I run daily on my machines: https://gist.github.com/timkuijsten/6067107

Upvotes: 1
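A pre-flight check for the file-permission approach recommended in the answer above, as an added example that is not part of the original post or the linked gist. It assumes Linux with GNU or BusyBox `stat`; the `CNF` and `OUT_DIR` paths and the `backup` account in the sample options file are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run mysqldump unless the options file holding the
# password is private. Sample options file (constructed values):
#   [client]
#   user=backup
#   password=<the backup account's password>
CNF="${CNF:-$HOME/.my.cnf}"                 # hypothetical default path
OUT_DIR="${OUT_DIR:-/var/backups/mysql}"    # hypothetical dump directory

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group/other permission bits (mode 600 or 400).
cnf_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || {
        echo "refusing: $f is missing or not a regular file" >&2; return 1; }
    meta=$(stat -c '%a:%u' "$f") || return 1
    mode=${meta%%:*}
    owner=${meta##*:}
    case $mode in
        600|400) ;;
        *) echo "refusing: $f has mode $mode, expected 600" >&2; return 1 ;;
    esac
    [ "$owner" = "$(id -u)" ] || {
        echo "refusing: $f is owned by uid $owner, not $(id -u)" >&2; return 1; }
}

run_backup() {
    cnf_is_private "$CNF" || return 1
    (
        # The dump contains the data itself, so keep it private as well.
        umask 077
        # --defaults-extra-file must be the first option on the command line;
        # the password never appears in argv or in this script.
        mysqldump --defaults-extra-file="$CNF" --all-databases \
            > "$OUT_DIR/all-$(date +%Y%m%d).sql"
    )
}

# Invoke from cron as: backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Run it from the crontab of the account that owns the options file (root or the dedicated system user), so the ownership check matches the invoking uid.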
