search

Digitalist-Open-Cloud / Matomo-Plugin-ExtraTools

ExtraTools is a plugin for Matomo, which provides some console commands.
https://digitalist.cloud/
GNU General Public License v3.0
26 stars 12 forks source link

Install with password prompt forgets the password #24

Closed mwithheld closed 2 years ago

mwithheld commented 3 years ago

Install with password prompt prompts correctly, but forgets the password

`$ ./console matomo:install --db-host=myremotedb.mysql.mydomain.com --db-username=mydbusername --db-name=mydbname --db-prefix=matomo Are you really sure you would like to install Matomo - if you have an installation already, it will be wiped? y Enter password: Database "mydbname" dropped

Enter password: Database "mydbname" created Installing Matomo Starting install Deleting cache Initialising Database Connections Database connection failed. Retrying in 10 seconds. SQLSTATE[HY000] [1045] Access denied for user 'mydbusername'@'thiserver.mydomain.com' (using password: NO) Database connection failed. Retrying in 20 seconds. SQLSTATE[HY000] [1045] Access denied for user 'mydbusername'@'thiserver.mydomain.com' (using password: NO)`

If you use --do-not-drop-db it's the same problem.

jorgeuos commented 3 years ago

Hi, If you don't want to pass the --db-pass=password in clear text you could export it as an env variable. Check the install examples in the README.md file. MATOMO_DB_PASSWORD

Try:

export MATOMO_DB_PASSWORD=YOUR_SECRET_PASS

Or pass it as a reference:

$ ./console matomo:install --db-host=myremotedb.mysql.mydomain.com --db-username=mydbusername --db-pass=$MATOMO_DB_PASSWORD --db-name=mydbname --db-prefix=matomo

In docker, docker-compose or yaml, you would use a .env file and it would be something like:

    environment:
      - MATOMO_DB_PASSWORD=${MATOMO_DB_PASSWORD}

In K8s you would use secrets, it would look something like:

  - name: MATOMO_DB_PASSWORD
    valueFrom:
      secretKeyRef:
        key: mysql-matomo-password
        name: matomo-db-mysql-login

Or you could add it to a install.json file:

{
  ...,
  "database": {
      "username": "mydbusername",
      "password": "YOUR_SECRET_PASS",
      "host": "myremotedb.mysql.mydomain.com",
      "dname": "mydbname",
      "tables_prefix": "matomo_"
  },
  ...,
}

Otherwise you would use the config.ini.php file and add it like:

[database]
host = "myremotedb.mysql.mydomain.com"
username = "mydbusername"
password = "YOUR_SECRET_PASS"
dbname = "mydbname"
tables_prefix = "matomo_"

Could those alternatives solve it for you?

Br, Jorge

mwithheld commented 3 years ago

Yes the .json or .ini options would solve it. Setting an environment variable would still mean the password is logged, unless I script that part. Thanks Jorge!

jorgeuos commented 3 years ago

No problem! I believe a .env with your credentials should be sufficient and would not be logged though.