From e1cfa7c5f24c228d29b077f97f263a87749ee9ea Mon Sep 17 00:00:00 2001 From: zSchoen Date: Thu, 22 Sep 2022 13:13:10 +0200 Subject: [PATCH] added _HASH envs --- mariadb/content.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mariadb/content.md b/mariadb/content.md index b566b83db9ba..a29a8da0e23d 100644 --- a/mariadb/content.md +++ b/mariadb/content.md @@ -103,10 +103,12 @@ From tag 10.2.38, 10.3.29, 10.4.19, 10.5.10 onwards, and all 10.6 and later tags One of `MARIADB_ROOT_PASSWORD`, `MARIADB_ALLOW_EMPTY_ROOT_PASSWORD`, or `MARIADB_RANDOM_ROOT_PASSWORD` (or equivalents, including `*_FILE`), is required. The other environment variables are optional. -### `MARIADB_ROOT_PASSWORD` / `MYSQL_ROOT_PASSWORD` +### `MARIADB_ROOT_PASSWORD` / `MYSQL_ROOT_PASSWORD`, `MARIADB_ROOT_PASSWORD_HASH` This specifies the password that will be set for the MariaDB `root` superuser account. In the above example, it was set to `my-secret-pw`. +In order to have no plaintext secret in the deployment, `MARIADB_ROOT_PASSWORD_HASH` can be used as it is just the hash of the password. The hash can be generated with `SELECT PASSWORD('bob')` as a SQL query. + ### `MARIADB_ALLOW_EMPTY_ROOT_PASSWORD` / `MYSQL_ALLOW_EMPTY_PASSWORD` Set to a non-empty value, like `yes`, to allow the container to be started with a blank password for the root user. *NOTE*: Setting this variable to `yes` is not recommended unless you really know what you are doing, since this will leave your MariaDB instance completely unprotected, allowing anyone to gain complete superuser access. @@ -129,7 +131,7 @@ The `mysql@localhost` user gets [USAGE](https://mariadb.com/kb/en/grant/#the-usa This variable allows you to specify the name of a database to be created on image startup. -### `MARIADB_USER` / `MYSQL_USER`, `MARIADB_PASSWORD` / `MYSQL_PASSWORD` +### `MARIADB_USER` / `MYSQL_USER`, `MARIADB_PASSWORD` / `MYSQL_PASSWORD`, `MARIADB_PASSWORD_HASH` These are used in conjunction to create a new user and to set that user's password. Both user and password variables are required for a user to be created. This user will be granted all access ([corresponding to `GRANT ALL`](https://mariadb.com/kb/en/grant/#the-all-privileges-privilege)) to the `MARIADB_DATABASE` database. @@ -153,7 +155,7 @@ As an alternative to passing sensitive information via environment variables, `_ $ docker run --name some-mysql -e MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d %%IMAGE%%:latest ``` -Currently, this is only supported for `MARIADB_ROOT_PASSWORD`, `MARIADB_ROOT_HOST`, `MARIADB_DATABASE`, `MARIADB_USER`, and `MARIADB_PASSWORD` (and `MYSQL_*` equivalents of these). +Currently, this is only supported for `MARIADB_ROOT_PASSWORD`, `MARIADB_ROOT_PASSWORD_HASH`, `MARIADB_ROOT_HOST`, `MARIADB_DATABASE`, `MARIADB_USER`, `MARIADB_PASSWORD` and `MARIADB_PASSWORD_HASH` (and `MYSQL_*` equivalents of these). # Initializing a fresh instance