Password stored in world-readable plain text file

So I’ve got the pmm-client installed on a handful of database servers. Love the statistics that it reports.

When I used pmm-admin to connect to add the mysql plugin, it asked for credentials. I provided the mysql root username & password on the command line (that seemed dirty). I see that the password is saved in /etc/init/pmm-mysql-metrics-42002.conf, which is world-readable. This seems super dirty.

I suspect I’m not configuring something right here. Is there a way to pass a --login-path? Or some other way to authenticate to the mysql server? Should I be setting up a “pmm” user with limited permissions?

I don’t see this in the documentation, but feel free to send me in the right direction if I missed something.



Whoop whoop, now I see some documentation about pmm-admin creating a “pmm” user, here: I’ll give that a shot. Still seems dirty to be storing the password world-readable :-/.


Hi normelton !
Yes, for now we have this “not good” solution about user/password. We know about this and this will be solved in PMM2 (see…now-available/ ).

1 Like

Is this still a case with the current PMM 2.16? I just installed 2.15 last week and I can still see the pwd’s in clear text on the client configurations!


    username: <clear_text_username>
    password: <cleart_text_pwd>


... remoteWrite_basicAuth_password=<clear_text_pwd> remoteWrite_basicAuth_username=<cleart_text_username>

1 Like