1MYSQL_CONFIG_EDITOR(1)       MySQL Database System      MYSQL_CONFIG_EDITOR(1)
2
3
4

NAME

6       mysql_config_editor - configure authentication information for
7       connecting to MySQL server
8

SYNOPSIS

10       mysql_config_editor options command
11

DESCRIPTION

13       The mysql_config_editor utility enables you to store authentication
14       credentials in an obfuscated login path file named .mylogin.cnf. The
15       file location is the %APPDATA%\MySQL directory on Windows and the
16       current user's home directory on non-Windows systems. The file can be
17       read later by MySQL client programs to obtain authentication
18       credentials for connecting to MySQL Server.
19
20       The unobfuscated format of the .mylogin.cnf login path file consists of
21       option groups, similar to other option files. Each option group in
22       .mylogin.cnf is called a “login path,” which is a group that permits
23       only certain options: host, user, password, port and socket. Think of a
24       login path option group as a set of options that specify which MySQL
25       server to connect to and which account to authenticate as. Here is an
26       unobfuscated example:
27
28           [client]
29           user = mydefaultname
30           password = mydefaultpass
31           host = 127.0.0.1
32           [mypath]
33           user = myothername
34           password = myotherpass
35           host = localhost
36
37       When you invoke a client program to connect to the server, the client
38       uses .mylogin.cnf in conjunction with other option files. Its
39       precedence is higher than other option files, but less than options
40       specified explicitly on the client command line. For information about
41       the order in which option files are used, see Section 4.2.2.2, “Using
42       Option Files”.
43
44       To specify an alternate login path file name, set the
45       MYSQL_TEST_LOGIN_FILE environment variable. This variable is recognized
46       by mysql_config_editor, by standard MySQL clients (mysql, mysqladmin,
47       and so forth), and by the mysql-test-run.pl testing utility.
48
49       Programs use groups in the login path file as follows:
50
51       ·   mysql_config_editor operates on the client login path by default if
52           you specify no --login-path=name option to indicate explicitly
53           which login path to use.
54
55       ·   Without a --login-path option, client programs read the same option
56           groups from the login path file that they read from other option
57           files. Consider this command:
58
59               shell> mysql
60
61           By default, the mysql client reads the [client] and [mysql] groups
62           from other option files, so it reads them from the login path file
63           as well.
64
65       ·   With a --login-path option, client programs additionally read the
66           named login path from the login path file. The option groups read
67           from other option files remain the same. Consider this command:
68
69               shell> mysql --login-path=mypath
70
71           The mysql client reads [client] and [mysql] from other option
72           files, and [client], [mysql], and [mypath] from the login path
73           file.
74
75       ·   Client programs read the login path file even when the
76           --no-defaults option is used. This permits passwords to be
77           specified in a safer way than on the command line even if
78           --no-defaults is present.
79
80       mysql_config_editor obfuscates the .mylogin.cnf file so it cannot be
81       read as cleartext, and its contents when unobfuscated by client
82       programs are used only in memory. In this way, passwords can be stored
83       in a file in non-cleartext format and used later without ever needing
84       to be exposed on the command line or in an environment variable.
85       mysql_config_editor provides a print command for displaying the login
86       path file contents, but even in this case, password values are masked
87       so as never to appear in a way that other users can see them.
88
89       The obfuscation used by mysql_config_editor prevents passwords from
90       appearing in .mylogin.cnf as cleartext and provides a measure of
91       security by preventing inadvertent password exposure. For example, if
92       you display a regular unobfuscated my.cnf option file on the screen,
93       any passwords it contains are visible for anyone to see. With
94       .mylogin.cnf, that is not true. But the obfuscation used will not deter
95       a determined attacker and you should not consider it unbreakable. A
96       user who can gain system administration privileges on your machine to
97       access your files could unobfuscate the .mylogin.cnf file with some
98       effort.
99
100       The login path file must be readable and writable to the current user,
101       and inaccessible to other users. Otherwise, mysql_config_editor ignores
102       it, and client programs do not use it, either.
103
104       Invoke mysql_config_editor like this:
105
106           shell> mysql_config_editor [program_options] command [command_options]
107
108       If the login path file does not exist, mysql_config_editor creates it.
109
110       Command arguments are given as follows:
111
112       ·   program_options consists of general mysql_config_editor options.
113
114       ·   command indicates what action to perform on the .mylogin.cnf login
115           path file. For example, set writes a login path to the file, remove
116           removes a login path, and print displays login path contents.
117
118       ·   command_options indicates any additional options specific to the
119           command, such as the login path name and the values to use in the
120           login path.
121
122       The position of the command name within the set of program arguments is
123       significant. For example, these command lines have the same arguments,
124       but produce different results:
125
126           shell> mysql_config_editor --help set
127           shell> mysql_config_editor set --help
128
129       The first command line displays a general mysql_config_editor help
130       message, and ignores the set command. The second command line displays
131       a help message specific to the set command.
132
133       Suppose that you want to establish a client login path that defines
134       your default connection parameters, and an additional login path named
135       remote for connecting to the MySQL server the host remote.example.com.
136       You want to log in as follows:
137
138       ·   By default, to the local server with a user name and password of
139           localuser and localpass
140
141       ·   To the remote server with a user name and password of remoteuser
142           and remotepass
143
144       To set up the login paths in the .mylogin.cnf file, use the following
145       set commands. Enter each command on a single line, and enter the
146       appropriate passwords when prompted:
147
148           shell> mysql_config_editor set --login-path=client
149                    --host=localhost --user=localuser --password
150           Enter password: enter password "localpass" here
151           shell> mysql_config_editor set --login-path=remote
152                    --host=remote.example.com --user=remoteuser --password
153           Enter password: enter password "remotepass" here
154
155       mysql_config_editor uses the client login path by default, so the
156       --login-path=client option can be omitted from the first command
157       without changing its effect.
158
159       To see what mysql_config_editor writes to the .mylogin.cnf file, use
160       the print command:
161
162           shell> mysql_config_editor print --all
163           [client]
164           user = localuser
165           password = *****
166           host = localhost
167           [remote]
168           user = remoteuser
169           password = *****
170           host = remote.example.com
171
172       The print command displays each login path as a set of lines beginning
173       with a group header indicating the login path name in square brackets,
174       followed by the option values for the login path. Password values are
175       masked and do not appear as cleartext.
176
177       If you do not specify --all to display all login paths or
178       --login-path=name to display a named login path, the print command
179       displays the client login path by default, if there is one.
180
181       As shown by the preceding example, the login path file can contain
182       multiple login paths. In this way, mysql_config_editor makes it easy to
183       set up multiple “personalities” for connecting to different MySQL
184       servers, or for connecting to a given server using different accounts.
185       Any of these can be selected by name later using the --login-path
186       option when you invoke a client program. For example, to connect to the
187       remote server, use this command:
188
189           shell> mysql --login-path=remote
190
191       Here, mysql reads the [client] and [mysql] option groups from other
192       option files, and the [client], [mysql], and [remote] groups from the
193       login path file.
194
195       To connect to the local server, use this command:
196
197           shell> mysql --login-path=client
198
199       Because mysql reads the client and mysql login paths by default, the
200       --login-path option does not add anything in this case. That command is
201       equivalent to this one:
202
203           shell> mysql
204
205       Options read from the login path file take precedence over options read
206       from other option files. Options read from login path groups appearing
207       later in the login path file take precedence over options read from
208       groups appearing earlier in the file.
209
210       mysql_config_editor adds login paths to the login path file in the
211       order you create them, so you should create more general login paths
212       first and more specific paths later. If you need to move a login path
213       within the file, you can remove it, then recreate it to add it to the
214       end. For example, a client login path is more general because it is
215       read by all client programs, whereas a mysqldump login path is read
216       only by mysqldump. Options specified later override options specified
217       earlier, so putting the login paths in the order client, mysqldump
218       enables mysqldump-specific options to override client options.
219
220       When you use the set command with mysql_config_editor to create a login
221       path, you need not specify all possible option values (host name, user
222       name, password, port, socket). Only those values given are written to
223       the path. Any missing values required later can be specified when you
224       invoke a client path to connect to the MySQL server, either in other
225       option files or on the command line. Any options specified on the
226       command line override those specified in the login path file or other
227       option files. For example, if the credentials in the remote login path
228       also apply for the host remote2.example.com, connect to the server on
229       that host like this:
230
231           shell> mysql --login-path=remote --host=remote2.example.com
232
233       mysql_config_editor General Options
234
235       mysql_config_editor supports the following general options, which may
236       be used preceding any command named on the command line. For
237       descriptions of command-specific options, see mysql_config_editor
238       Commands and Command-Specific Options.
239
240       ·   --help, -?
241
242           Display a general help message and exit.
243
244           To see a command-specific help message, invoke mysql_config_editor
245           as follows, where command is a command other than help:
246
247               shell> mysql_config_editor command --help
248
249       ·   --debug[=debug_options], -# debug_options
250
251           Write a debugging log. A typical debug_options string is
252           d:t:o,file_name. The default is
253           d:t:o,/tmp/mysql_config_editor.trace.
254
255           This option is available only if MySQL was built using WITH_DEBUG.
256           MySQL release binaries provided by Oracle are not built using this
257           option.
258
259       ·   --verbose, -v
260
261           Verbose mode. Print more information about what the program does.
262           This option may be helpful in diagnosing problems if an operation
263           does not have the effect you expect.
264
265       ·   --version, -V
266
267           Display version information and exit.
268       mysql_config_editor Commands and Command-Specific Options
269
270       This section describes the permitted mysql_config_editor commands, and,
271       for each one, the command-specific options permitted following the
272       command name on the command line.
273
274       In addition, mysql_config_editor supports general options that can be
275       used preceding any command. For descriptions of these options, see
276       mysql_config_editor General Options.
277
278       mysql_config_editor supports these commands:
279
280       ·   help
281
282           Display a general help message and exit. This command takes no
283           following options.
284
285           To see a command-specific help message, invoke mysql_config_editor
286           as follows, where command is a command other than help:
287
288               shell> mysql_config_editor command --help
289
290       ·   print [options]
291
292           Print the contents of the login path file in unobfuscated form,
293           with the exception that passwords are displayed as *****.
294
295           The default login path name is client if no login path is named. If
296           both --all and --login-path are given, --all takes precedence.
297
298           The print command permits these options following the command name:
299
300           ·   --help, -?
301
302               Display a help message for the print command and exit.
303
304               To see a general help message, use mysql_config_editor --help.
305
306           ·   --all
307
308               Print the contents of all login paths in the login path file.
309
310           ·   --login-path=name, -G name
311
312               Print the contents of the named login path.
313
314       ·   remove [options]
315
316           Remove a login path from the login path file, or modify a login
317           path by removing options from it.
318
319           This command removes from the login path only such options as are
320           specified with the --host, --password, --port, --socket, and --user
321           options. If none of those options are given, remove removes the
322           entire login path. For example, this command removes only the user
323           option from the mypath login path rather than the entire mypath
324           login path:
325
326               shell> mysql_config_editor remove --login-path=mypath --user
327
328           This command removes the entire mypath login path:
329
330               shell> mysql_config_editor remove --login-path=mypath
331
332           The remove command permits these options following the command
333           name:
334
335           ·   --help, -?
336
337               Display a help message for the remove command and exit.
338
339               To see a general help message, use mysql_config_editor --help.
340
341           ·   --host, -h
342
343               Remove the host name from the login path.
344
345           ·   --login-path=name, -G name
346
347               The login path to remove or modify. The default login path name
348               is client if this option is not given.
349
350           ·   --password, -p
351
352               Remove the password from the login path.
353
354           ·   --port, -P
355
356               Remove the TCP/IP port number from the login path.
357
358           ·   --socket, -S
359
360               Remove the Unix socket file name from the login path.
361
362           ·   --user, -u
363
364               Remove the user name from the login path.
365
366           ·   --warn, -w
367
368               Warn and prompt the user for confirmation if the command
369               attempts to remove the default login path (client) and
370               --login-path=client was not specified. This option is enabled
371               by default; use --skip-warn to disable it.
372
373       ·   reset [options]
374
375           Empty the contents of the login path file.
376
377           The reset command permits these options following the command name:
378
379           ·   --help, -?
380
381               Display a help message for the reset command and exit.
382
383               To see a general help message, use mysql_config_editor --help.
384
385       ·   set [options]
386
387           Write a login path to the login path file.
388
389           This command writes to the login path only such options as are
390           specified with the --host, --password, --port, --socket, and --user
391           options. If none of those options are given, mysql_config_editor
392           writes the login path as an empty group.
393
394           The set command permits these options following the command name:
395
396           ·   --help, -?
397
398               Display a help message for the set command and exit.
399
400               To see a general help message, use mysql_config_editor --help.
401
402           ·   --host=host_name, -h host_name
403
404               The host name to write to the login path.
405
406           ·   --login-path=name, -G name
407
408               The login path to create. The default login path name is client
409               if this option is not given.
410
411           ·   --password, -p
412
413               Prompt for a password to write to the login path. After
414               mysql_config_editor displays the prompt, type the password and
415               press Enter. To prevent other users from seeing the password,
416               mysql_config_editor does not echo it.
417
418               To specify an empty password, press Enter at the password
419               prompt. The resulting login path written to the login path file
420               will include a line like this:
421
422                   password =
423
424           ·   --port=port_num, -P port_num
425
426               The TCP/IP port number to write to the login path.
427
428           ·   --socket=file_name, -S file_name
429
430               The Unix socket file name to write to the login path.
431
432           ·   --user=user_name, -u user_name
433
434               The user name to write to the login path.
435
436           ·   --warn, -w
437
438               Warn and prompt the user for confirmation if the command
439               attempts to overwrite an existing login path. This option is
440               enabled by default; use --skip-warn to disable it.
441
443       Copyright © 1997, 2020, Oracle and/or its affiliates. All rights
444       reserved.
445
446       This documentation is free software; you can redistribute it and/or
447       modify it only under the terms of the GNU General Public License as
448       published by the Free Software Foundation; version 2 of the License.
449
450       This documentation is distributed in the hope that it will be useful,
451       but WITHOUT ANY WARRANTY; without even the implied warranty of
452       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
453       General Public License for more details.
454
455       You should have received a copy of the GNU General Public License along
456       with the program; if not, write to the Free Software Foundation, Inc.,
457       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see
458       http://www.gnu.org/licenses/.
459
460

SEE ALSO

462       For more information, please refer to the MySQL Reference Manual, which
463       may already be installed locally and which is also available online at
464       http://dev.mysql.com/doc/.
465

AUTHOR

467       Oracle Corporation (http://dev.mysql.com/).
468
469
470
471MySQL 8.0                         03/06/2020            MYSQL_CONFIG_EDITOR(1)
Impressum