Bug #75905 Option to initialize with random password and store the password in .mylogin.cnf
Submitted: 15 Feb 2015 9:51
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Open Impact on me:
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.7 OS:Any
Assigned to: CPU Architecture:Any
Tags: initialize, password, Security

[15 Feb 2015 9:51] Daniël van Eeden
Please add an option to initialize a database with a random root password and then store this password in .mylogin.cnf as login path.

This can make it easier to provision MySQL servers with an automation tool like puppet.

1. securely initialize a database (mysql_install_db or --initialize)
2. Grab the password from .mysql_secret or the error log
3. Then use this password to login and change it.

1. Insecurely initialize
2. Then set the password.

Currently most automation tools use the second method, but could use the first method if step 2 was not needed anymore:

How to repeat:
See description

Suggested fix:
Proposed method:
1. securely initialize a database (mysql_install_db or --initialize)
2. Then use the login path to login and change it.
3. Remove and/or update the login path

On systems with multiple mysqld installations a --login-path option could be used to indicate the name of the login path.

mysqld --initialize --store-loginpath 
# Stored in the default login path ('client'?)

mysqld --initialize --store-loginpath --login-path=foobar
# Stored in the 'foobar' login path.