Here’s how I got my bash script for my daily mysqldump database backups to work more securely.
1. First use mysql_config_editor (comes with mysql 5.6+) to set up the encrypted password file. Suppose your username is „db_user“. Running from the shell prompt:
mysql_config_editor set –login-path=local –host=localhost –user=db_user –password
It prompts for the password. Once you enter it, the user/pass are saved encrypted. Of course, change „system_username“ to your username on the server.
2. Change your shell script from this:
mysqldump -u db_user -pInsecurePassword my_database | gzip > db_backup.tar.gz
to this:
mysqldump –login-path=local my_database | gzip > db_backup.tar.gz
No more exposed passwords.