mysql password leak in minion's log #75

Open
ghoz opened this issue Jun 9, 2015 · 3 comments

ghoz commented Jun 9, 2015

When provisioning a MySQL server, the root_password is written in the clear in the minion's log, which is not so good...

 2015-06-08 18:27:33,049 [salt.state       ][INFO    ][22761] Running state [mysqladmin --user root password 'XXX'] at time 18:27:33.049208
 2015-06-08 18:27:33,050 [salt.state       ][INFO    ][22761] Executing state cmd.run for mysqladmin --user root password 'XXX'
 2015-06-08 18:27:33,051 [salt.loaded.int.module.cmdmod][INFO    ][22761] Executing command 'mysql --user root --password=\'XXX\' --execute="SELECT 1;"' in directory '/root'
 2015-06-08 18:27:33,129 [salt.loaded.int.module.cmdmod][INFO    ][22761] Executing command "mysqladmin --user root password XXX'" in directory '/root'
 2015-06-08 18:27:33,227 [salt.state       ][INFO    ][22761] {'pid': 23051, 'retcode': 0, 'stderr': '', 'stdout': ''}
 2015-06-08 18:27:33,227 [salt.state       ][INFO    ][22761] Completed state [mysqladmin --user root password 'XXX'] at time 18:27:33.227229

I'm not sure how to avoid that besides creating a custom module...

Contributor

iggy commented Jun 9, 2015

The postgres module handles this by putting a temporary file on disk with the password and then the psql utility reads that. That would be very hard to duplicate in a sls file, so yeah, a new module or extending the current mysql module(s) is probably the best bet.

@gravyboat
Contributor

@iggy I don't really see how this is the formula's issue, this is more of a Salt problem.

Contributor

iggy commented Jun 9, 2015

Because the formula is doing things like:

- name: mysqladmin --user root password '{{ mysql_root_password|replace("'", "'\"'\"'") }}'

And if there were a module function to set the root password, the sls file wouldn't have to do this with a cmd.run that gets logged in clear text in a log file.
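
Added example, not part of the thread and not code from Salt or the formula: a sketch of the temporary-file approach described above for the postgres module, applied to the `mysql --user root --password=...` check seen in the log. The helper names (`mysql_client_argv`, `demo`) and the sample password are constructed for illustration; it covers client authentication only, not the `mysqladmin ... password` call.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


def _quote_option_value(value):
    # Conservative choice for this example: refuse characters whose escaping
    # in an option file we do not want to rely on.
    if any(c in value for c in '"\n\r'):
        raise ValueError("password contains a character this example does not escape")
    # Double quotes keep '#' and spaces literal; backslash is the escape character.
    return '"' + value.replace("\\", "\\\\") + '"'


@contextmanager
def mysql_client_argv(user, password, sql, binary="mysql"):
    """Yield an argv that authenticates via a private option file.

    The password is written to a temporary file and never appears in argv,
    so a logger that records the command line has nothing secret to record.
    """
    # mkstemp creates the file with mode 0600, owned by the calling user.
    fd, path = tempfile.mkstemp(prefix="mysql-", suffix=".cnf")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("[client]\nuser=%s\npassword=%s\n"
                         % (user, _quote_option_value(password)))
        # --defaults-extra-file has to be the first option on the command line.
        yield [binary, "--defaults-extra-file=" + path, "--execute=" + sql]
    finally:
        os.unlink(path)  # remove the secret from disk even if the caller fails


def demo():
    secret = "s3cr3t'#pw"  # constructed sample value
    with mysql_client_argv("root", secret, "SELECT 1;") as argv:
        path = argv[1].split("=", 1)[1]
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # What a command logger like the one in the issue would record.
        logged = "Executing command %r in directory '/root'" % " ".join(argv)
        # A caller would now run subprocess.run(argv, check=True).
    return logged, mode, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```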
