Skip to main content

Secure login to MySQL for bash scripts

Introduction

In this blog we will connect to a mysql via CLI from a bash script for generating a db dump. A cleaner approach for the same is using mysql config editor. In this blog we are taking an example of a mysql container running inside docker and we have a script for taking a db backup using mysqldump. We will not use a password as a parameter to mysqldump command instead we will use something called as login path.

MySQL config editor

It is a utility to store authentication credentials in a obfuscated login path file named as .mylogin.cnf.

How to do it ?

View existing configurations

To view existing configurations if there are any use below command. The command will output existing configurations if there are otherwise it won't print anything.

mysql_config_editor print --all

Sample output

In the output below you can see that the password is obfuscated and is not readable directly. It is handled by the mysql utilities to use this password as per the flags passed.

[client]
[local]
user = root
password = *****
host = localhost

Add new configurations

Use below command to add new configurations. You can connect to the container shell (also called as Integrated terminal) from the docker desktop. You need to click the container. In the container details section you will see multiple tabs. One of the tabs is the Exec tab. It is used for running the shell commands inside the container.  Checkout the screenshot below.

MySQL docker container details showing integrated terminal




It will ask for the password when you execute this command. Enter the same and it will be saved in the .mylogin.cnf file. The location of the file is as per the documentation mentioned here.

mysql_config_editor set --login-path=local --host=localhost --user=root --password

MySQL DB dump from a docker container

Use below command from the host machine to generate the mysqldump for a mysql container. The command uses the login-path=local we created in previous step. Please note below points
  • CONTAINER_NAME: Is the mysql container name you have given in the docker-compose.yml file. (Ex: testdb )
  • BACKUP_FILE_PATH: Is the absolute path with the filename on the host machine wherein the file will be generated. (Ex: /opt/backup)
docker exec <CONTAINER_NAME> sh -c 'exec mysqldump --login-path=local --all-databases' > <BACKUP_FILE_PATH>

For example

docker exec testdb sh -c 'exec mysqldump --login-path=local --all-databases' > /opt/backup/mysql_backup.sql

Summary

We can now securely run a database backup script without exposing the password in the CLI. Although there are other ways but this one suited my requirement and use case. You can explore more on the official mysql documentation.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to install Google font on MacOS

Introduction Google fonts are open source. I was reading through the new angular website  and was astonished by the beautiful font used in the code editor shown in the samples. The font name is DM Mono . I wanted to use the same font on my Visual studio code editor for the Angular project development but I could not find a good blog which will guide through the installation process. Hence I am documenting this blog for the same. Get the font Follow below steps to download a font from Google fonts website . Visit the Google fonts website .  Search for the font you like for example DM Mono Click on the Get font button It will download a zip containing ttf format files Install the font on MacOS Once the zip is downloaded in the default downloads folder on your Mac. Follow below steps Double click to uzip the zip Open the folder Ex: DM_Mono Select all files with extension as .ttf and do not select other files like txt or some other format Keeping all the files selected double clic...
Post a Comment
Read more

Ruby on rails with Nexus

Introduction In this blog we will use nexus setup for NPM for a project which uses Ruby on rails. In this ruby on rails project we are using YARN and BUN  framework. We did setup a nexus NPM proxy and private repo but yarn could not fetch the npm dependencies via the nexus proxy. The rails assets precompile task however uses bun which uses npm. YARN is a wrapper on the NPM hence it does not entirely rely on NPM. BUN is a runtime which performs all the NPM tasks. Our goal in this blog is to understand how to handle this scenario in a ruby on rails project when use NEXUS NPM proxy. Technical specifications We have below versions of the tools NEXUS : 3.37.1-01 NPM : 9.5.0 NODE : v18.15.0 NVM : 0.39.1 ( Node version manager ) Mac OS : Sonoma 14.2 YARN : 3.5.1 BUN : 1.0.0 Steps Below are the steps required Configure NPM proxy in NEXUS Configure NPM private hosted repo Configure NPM group in NEXUS Change local NPM config for registry Change the YARN config for registry Configure BUN co...
Post a Comment
Read more