Get MySQL Passwords in Plain Text from .mylogin.cnf

MySQL PasswordsThis post will tell you how to get MySQL passwords in plain text using the .mylogin.cnf file.

Since MySQL 5.6.6, it became possible to store MySQL credentials in an encrypted login path file named .mylogin.cnf, using the mysql_config_editor tool. This is better than in plain text anyway.

What if I need to read MySQL passwords in plain text?

Unfortunately (or intentionally), mysql_config_editor doesn’t allow it.

I wrote this blog post because I just faced this issue. I needed to get the password out of there. Surprisingly, it is simpler than I thought. While looking for an answer I found that some people created scripts to decrypt it (as it uses the AES-128 ECB algorithm), sometimes getting the MySQL code source or simply using a scripting language.

However, it turns to be very simple. mysql_config_editor does not provide this option, but my_print_defaults does!

my_print_defaults is a standard tool in the MySQL server package. Keep your passwords safe!

Share this post

Comments (3)

  • Ed Bessant

    Hi Roman, Are there any implications to Percona MySQL (we are using 5.6 & 5.7 both) if I disable (600) “my_print_defaults” or completely remove it from a running system? I can find other ways of helping users who forget their passwords, and I am happier with a secure password vault for the important ones. This seems far too risky to leave lying around. Thanks in advance.

    September 7, 2016 at 12:58 pm
  • Peter Zaitsev

    The main point here is what such obfuscated password is not secure password. Even if you do not have my_print_default program locally someone can take this encrypted data and do it on his own system.

    .mylogin.cnf is not secure password store and you should not think about it as such. It just does not show the password in the plain text but anyone with basic technical skill can recover it.

    September 7, 2016 at 1:39 pm
  • Albert25

    On some installs you need to replace “client” with “root” :

    my_print_defaults -s root

    February 8, 2020 at 6:39 pm

Comments are closed.

Use Percona's Technical Forum to ask any follow-up questions on this blog topic.