Securely Store MySQL Credentials with mysql_config_editor
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
MySQL includes the mysql_config_editor utility, which is used to store your MySQL credentials inside of an encrypted file in your home directory:
~/.mylogin.cnf. The file is obfuscated and cannot be viewed in plaintext unless running the print command. Any stored passwords are never made visible. This arrangement adds a layer of security and convenience when connecting to your database using command-line tools like mysql or mysqldump.
Each set of credentials is stored in option groups called login paths. You can create your own custom login paths, which you can then specify when connecting to your database.
set command to store your credentials and database connection details. Replace [name] with whatever name you wish to use for your custom login path, [username] with your MySQL username, and [host] with the remote host IP or domain (if you are connecting to a remote database). You can also specify the port (
--port) and socket (
-socket) if needed.
mysql_config_editor set --login-path=[name] --user=[username] --host=[host] --password --warn
mysqlfor the mysql command and
mysqldumpfor the mysqldump command.
--all). You can also view a specific login path by adding the
--login-path=[name] option, replacing [name] with the name of your login path.
mysql_config_editor print --all
In the example output below, there is a single login path called example-path that is storing the user (admin), the password (which cannot be viewed), and the host.
[example-path] user = "admin" password = ***** host = "db-server.example.com"
If you don’t want your system user to be able to access the database, it’s recommended that you delete any stored credentials. In addition to being able to remove the entire login path, you can also remove an individual option if needed.
To remove the entire login path, run the following command. Replace [name] with the name of your login path.
mysql_config_editor remove --login-path=[name]
To only remove a specific option from the login path, append the option you wish to remove. For example, the command below removes the
--host option from the stored login path.
mysql_config_editor remove --login-path=[name] --host
To specify a set of stored credentials in the mysql or mysqldump command, use the
-G ) option as show below. Replace [name] with the name of your login path.
mysqldump --login-path=[name] exampledatabase > backup.sql
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on