MySQL 8 (in version 8.0.4) changes the way clients are authenticated by
default_authentication_plugin parameter is set to
caching_sha2_password. This change of the default value implies that MySQL
drivers must support the SHA-256 authentication. Also, the communication channel
with MySQL 8 must be encrypted when using
The MySQL driver used with PMM does not yet support the SHA-256 authentication.
With currently supported versions of MySQL, PMM requires that a dedicated MySQL
user be set up. This MySQL user should be authenticated using the
mysql_native_password plugin. Although MySQL is configured to support SSL
clients, connections to MySQL Server are not encrypted.
There are two workarounds to be able to add MySQL Server version 8.0.4 or higher as a monitoring service to PMM:
- Alter the MySQL user that you plan to use with PMM
- Change the global MySQL configuration
Altering the MySQL User
Provided you have already created the MySQL user that you plan to use with PMM, alter this user as follows:
Then, pass this user to
pmm-admin add as the value of the
This is a preferred approach as it only weakens the security of one user.
Changing the global MySQL Configuration
A less secure approach is to set
to the value mysql_native_password before adding it as a
monitoring service. Then, restart your MySQL Server to apply this
- Creating a MySQL User for PMM
- What privileges are required to monitor a MySQL instance?
- More information about adding the MySQL query analytics monitoring service
- MySQL Server Blog: MySQL 8.0.4 : New Default Authentication Plugin : caching_sha2_password
- MySQL Documentation: Authentication Plugins
- MySQL Documentation: Native Pluggable Authentication