mysqlautomationbackuppassword-less

backup mysql without login to mysql users


Is it possible to backup database in mysql without using mysql user ?

Problem: I want to make a backup system using ansible, but I have a problem at the time of database backup due to it is required to declare user and password mysql user in order to perform these backups. So for reasons of security and efficiency, I want to backup without the declaration of user and password.


Solution

  • First things first

    You "could" only do this reasonably, under one of two conditions.

    But, please don't do these!

    Why not?

    How your database should be stored/utilized on a production machine

    Now you are likely thinking...how do you expect me to do this? You said I can't include the credentials in the script.

    What am I to do then?

    Instead you'll want to utilize a secure credential distribution method, it could be something simple or complex. But generally, a few rules of thumb for a credential distribution service.

    There are a variety of existing methods to distribute credentials to your applications. I highly recommend using something which has already been tested and proven rather than developing your own whenever possible.

    Note: You should also distribute your production private keys/certificates in a similar manner. Never include them in an install package, source repo, or just leave them lying on the machine when that machine is effectively down. A startup script can download the needed certificate, and when the service exits you can use the shutdown script to cleanly wipe the private key/certificate file. I stop short of saying wipe these files after the application starts up as some applications re-read or lock these files while the service is running.

    Note2: None of this is intended to completely stop an attack or compromise, these recommendations are only to limit the attack surface area. Because, the more things you leave lying around, the easier it is for attackers to not only find them, but to also use them.

    Here are a few examples of secure credential distribution methods