Pass password to mysql_config_editor using variable in shell

Question

I have password stored in a variable $db_pwd and I want to pass it to mysql_config_editor in a shell script. I can not use config file or db_pwd environment variable.

I am doing this

mysql_config_editor set --login-path=local --host=localhost --user=username --password

(https://stackoverflow.com/a/20854048/6487831) .

What it does is ask for password "Enter Password", but I wish to supply the password using variable.

I tried this :

mysql_config_editor set --login-path=local --host=localhost --user=username --password $db_pwd

and

mysql_config_editor set --login-path=local --host=localhost --user=username --password | echo $db_pwd

and

echo "$db_pwd" | mysql_config_editor set --login-path=local --host=localhost --user=username --password

and

• expect. But this leads to error in case there are warnings like "This path already exists, rewrite (y/n).
• options file, but they still give me variable not found error even when I am using it as the first argument. Is options file compatible with mysql config editor?

Any way to do this? Or should I revert to using mysql instead of mysql_config_editor?

Answer 1

I needed to run the mysql_config_edit command in a Dockerfile in order to use them as arguments. I was able to do it by using printf:

printf '%s' "myPassword" | mysql_config_editor set --login-path=myconnection --host=connection.host.com --user=myconuser --password

It worked pretty well.

Answer 2

Ran into this problem as well. My solution was to run the command once, and supply the password on prompt

mysql_config_editor set --login-path=local --host=localhost --user=username --password

This generates the file .mylogin.cnf in users home directory. Just copying this file (can be done from a bash script) to the user you want to give access using the --login-path option does the trick.

As I understand .mylogin.cnf is just an obfuscated way of storing a username and password for that particular --login-path

Answer 3

I found the other suggested answer did not work when there was no TTY. So I used this bash script that works in places like Terraform/ssh that doesn't have a terminal:

#!/bin/bash

if [ $# -ne 4 ]; then
  echo "Incorrect number of input arguments: $0 $*"
  echo "Usage: $0 <login> <host> <username> <password>"
  echo "Example: $0 test 10.1.2.3 myuser mypassword"
  exit 1
fi

login=$1
host=$2
user=$3
pass=$4

unbuffer expect -c "
spawn mysql_config_editor set --login-path=$login --host=$host --user=$user --password
expect -nocase \"Enter password:\" {send \"$pass\r\"; interact}
"

Test it:

./mysql_config.sh login 10.1.2.3 myuser mypass < /dev/null

Answer 4

The --password argument is designed to explicitly avoid passing a password on the command line, as this is considered bad security.

That being said, you could try to feed the password to mysql_config_editor anyway:

echo "$db_pwd" | mysql_config_editor set --login-path=local --host=localhost --user=username --password

(This may not work if mysql_config_editor insists on getting input from the current terminal instead of standard in; if that is the case, you don't have a way to provide the password from a variable).

As the answer you linked to states, you can use mysql directly to supply the password. Using mysql_config_editor is meant for storing the password in .mylogin.cnf in an encrypted form (i.e. you supply the password once from the terminal, it is then encrypted and saved in the config file, and mysql can use it from there).

Reference: https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html

Update: You may be able to trick mysql_config_editor into thinking it is reading from an interactive terminal, by using the unbuffer utility:

echo "$db_pwd" | unbuffer -p mysql_config_editor set --login-path=local --host=localhost --user=username --password