Securely Store MySQL Credentials with mysql_config_editor

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

MySQL includes the mysql_config_editor utility, which is used to store your MySQL credentials inside of an encrypted file in your home directory: ~/.mylogin.cnf. The file is obfuscated and cannot be viewed in plaintext unless running the print command. Any stored passwords are never made visible. This arrangement adds a layer of security and convenience when connecting to your database using command-line tools like mysql or mysqldump.

Each set of credentials is stored in option groups called login paths. You can create your own custom login paths, which you can then specify when connecting to your database.

Create or Edit Credentials

Run the set command to store your credentials and database connection details. Replace [name] with whatever name you wish to use for your custom login path, [username] with your MySQL username, and [host] with the remote host IP or domain (if you are connecting to a remote database). You can also specify the port (--port) and socket (-socket) if needed.

mysql_config_editor set --login-path=[name] --user=[username] --host=[host] --password --warn
Note
You can also use special login path names, which are used by default in certain commands without needing to specify it. These special login paths include client and mysql for the mysql command and mysqldump for the mysqldump command.

View Stored Credentials

Run the print command to view all login paths (--all). You can also view a specific login path by adding the --login-path=[name] option, replacing [name] with the name of your login path.

mysql_config_editor print --all

In the example output below, there is a single login path called example-path that is storing the user (admin), the password (which cannot be viewed), and the host.

[example-path]
user = "admin"
password = *****
host = "db-server.example.com"

Remove Stored Credentials

If you don’t want your system user to be able to access the database, it’s recommended that you delete any stored credentials. In addition to being able to remove the entire login path, you can also remove an individual option if needed.

To remove the entire login path, run the following command. Replace [name] with the name of your login path.

mysql_config_editor remove --login-path=[name]

To only remove a specific option from the login path, append the option you wish to remove. For example, the command below removes the --host option from the stored login path.

mysql_config_editor remove --login-path=[name] --host

Connecting to a Database Using Stored Credentials

To specify a set of stored credentials in the mysql or mysqldump command, use the --login-path=[] (or -G []) option as show below. Replace [name] with the name of your login path.

mysqldump --login-path=[name] exampledatabase > backup.sql

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on


Your Feedback Is Important

Let us know if this guide was helpful to you.


Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.