puppetlabs / puppetlabs-mysql

MySQL Puppet Module / Manifests + Types & Providers
Apache License 2.0

Use mysql_config_editor for passwords #1575

Closed ubellavance closed 4 months ago

ubellavance commented 1 year ago

Use Case

I'm not sure if that could apply to the root password, but it would be useful to be able to create .my.cnf files with encrypted passwords with mysql_config_editor. Would definitely be useful for backup scripts. This would allow a scenario where no cleartext passwords are stored on the server by Puppet (but Puppet would still be able to run as the root MySQL user).

Describe the Solution You Would Like

Allow a user to have a boolean parameter to determine whether to create an encrypted .my.cnf in the user's home directory or not. Ideally, this would be the default for backup tasks created by the module (and remove passwords from scripts or crontabs).

h0tw1r3 commented 4 months ago

Unfortunately, MariaDB does not support mysql_config_editor, for essentially "obscurity is not security" reasons.

Because the passwords are easily reversible, storing the password in plain text vs obfuscated offers no benefits. Using appropriately restrictive file permissions is the current best practice.
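The file-permission practice described in the comment above can be checked mechanically. The following is an added example, not part of the thread or of the puppetlabs-mysql module: a Python audit that flags client option files that are not regular files, have the wrong owner, or are accessible to group or other. The function names, the constructed sample file and the 0600 target mode are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# "password=..." option lines; comment lines (# or ;) do not match.
PASSWORD_LINE = re.compile(r"^\s*password\s*=", re.IGNORECASE)

def audit_option_file(path, expected_uid=None):
    """Return a list of findings for one MySQL/MariaDB client option file."""
    st = os.lstat(path)  # lstat: never follow a symlink placed at this path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # 0600 target is an assumption
        findings.append(f"mode {mode:04o} grants group/other access, expected 0600")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if PASSWORD_LINE.match(line):  # report the line, never the value
                    findings.append(f"line {lineno}: password exposed by file mode")
    return findings

def write_sample(directory, name, mode):
    """Create a constructed sample option file with the given mode."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("[client]\nuser=backup\n# password=old\npassword=constructed-example\n")
    os.chmod(path, mode)
    return path

def demo():
    """Audit constructed files: 0644, 0600, and a symlink to the 0600 file."""
    with tempfile.TemporaryDirectory() as d:
        uid = os.getuid()
        loose = audit_option_file(write_sample(d, "loose.cnf", 0o644), uid)
        tight_path = write_sample(d, "tight.cnf", 0o600)
        tight = audit_option_file(tight_path, uid)
        link = os.path.join(d, "link.cnf")
        os.symlink(tight_path, link)
        linked = audit_option_file(link, uid)
    return loose, tight, linked

if __name__ == "__main__":
    for label, result in zip(("0644", "0600", "symlink"), demo()):
        print(label, result or "no findings")
```

A cleartext password in a file that only its owner can access produces no finding, which matches the practice described in the comment above.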

ubellavance commented 4 months ago

Thanks for the precision, it's greatly appreciated.