phpMyAdmin: secret passphrase?

Question

I am using MAMP and every time I login to phpMyAdmin, I am getting the following error/warning message:

the configuration file now needs a secret passphrase (blowfish_secret).

I have not messed around with any of this settings before. Can someone please clarify this error.

Here is the info on my db server:

Server: Localhost via UNIX socket Server type: MySQL Server version: 5.5.34 - Source distribution Protocol version: 10

Answer 1

I faced this error while updating phpMyAdmin to a new version on Ubuntu 22.04 with Apache2.

Go to /var/lib/phpmyadmin/blowfish_secret.inc.php and copy the value of $cfg['blowfish_secret'].

Navigate to /usr/share/phpmyadmin. Rename config.sample.inc.php to config.inc.php, and update the $cfg['blowfish_secret'] value of config.inc.php with the previously copied value

3. apache restart

Answer 2

For Ubuntu 20.04 Or 22.04 with Nginx,

Step 1:-

Create a new custom settings file inside the /etc/phpmyadmin/conf.d directory and name it pma_secure.php:

sudo nano /etc/phpmyadmin/conf.d/pma_secure.php

Then add the following content to the new file:

<?php

# PhpMyAdmin Settings
# This should be set to a random string of at least 32 chars
$cfg['blowfish_secret'] = 'CHANGE_THIS_TO_A_STRING_OF_32_RANDOM_CHARACTERS';

$i=0;
$i++;

$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['AllowRoot'] = true; //set it false if you want to disable logins by the root MySQL user     
?>

Step 2:-

Update the line that reads 'CHANGE_THIS_TO_A_STRING_OF_32_RANDOM_CHARACTERS' to a random string containing at least 32 characters.

Note:- The changes will apply automatically. You just need to logout and login PhpMyAdmin.

Answer 3

Any string with 32 chars long will do, sample:

^M5Pk*FD1cQp9*M9!U!@c59p@huqsphZ

So, your final code will look like:

$cfg['blowfish_secret'] = '^M5Pk*FD1cQp9*M9!U!@c59p@huqsphZ';

You may generate it online, set Password Length to 32:

lastpass password generator

Answer 4

The configuration file now needs a secret passphrase (blowfish_secret).

You’ll see this error after every installation of phpmyadmin.

To resolve this issue, just open config.inc.php ( or rename config.sample.inc.php to config.inc.php if you haven’t done so yet ) and change this line

$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

to

$cfg['blowfish_secret'] = 'y[/qlva{kNheGD5hfzFLrNoS-ZX\zQ/';

To generate new blowfish secret, simply hit this https://phpsolved.com/phpmyadmin-blowfish-secret-generator/?g=5d94be5065c70

Answer 5

This might help, https://wiki.archlinux.org/index.php/PhpMyAdmin#Add_blowfish_secret_passphrase

If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :

ERROR: The configuration file now needs a secret passphrase (blowfish_secret)  

You need to add a blowfish password to the phpMyAdmin's config file. Edit /etc/webapps/phpmyadmin/config.inc.php and insert a random blowfish "password" in the line

$cfg['blowfish_secret'] = ; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

It should now look something like this:

$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

This all assumes you've already properly created the config file,

cp config.sample.inc.php config.inc.php

Answer 6

Actually, that's only a "secret string" like "my personal secret". Look here.