Mysqldump launched by cron and password security

Question

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql

A cron launches i

Answer 1

The accepted answer stores the password in a plain text file, which could be read by anyone with administrative (root) access. If your database is in a shared hosting environment, this is undesirable.

A better option would be to use mysql_config_editor to create an encrypted login path named mysqldump. According to the MySQL documentation:

mysql_config_editor encrypts the .mylogin.cnf file so it cannot be read as cleartext, and its contents when decrypted by client programs are used only in memory. In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable.

The following command will create your mysqldump login path:

mysql_config_editor set --login-path=mysqldump --host=your_hostname --user=your_username --password

You will be prompted to enter your password, and the login path you created will be stored in encrypted format. mysqldump will automatically use this login path whenever you call it in the future, unless you specify a different login path with the --login-path command line option.

Here is how you would invoke mysqldump after creating an encrypted login path:

mysqldump database_name > output_file