Password stored in world-readable plain text file

So I’ve got the pmm-client installed on a handful of database servers. Love the statistics that it reports.

When I used pmm-admin to connect to add the mysql plugin, it asked for credentials. I provided the mysql root username & password on the command line (that seemed dirty). I see that the password is saved in /etc/init/pmm-mysql-metrics-42002.conf, which is world-readable. This seems super dirty.

I suspect I’m not configuring something right here. Is there a way to pass a --login-path? Or some other way to authenticate to the mysql server? Should I be setting up a “pmm” user with limited permissions?

I don’t see this in the documentation, but feel free to send me in the right direction if I missed something.

Thanks

Norman

Whoop whoop, now I see some documentation about pmm-admin creating a “pmm” user, here: https://www.percona.com/doc/percona-monitoring-and-management/pmm-admin.html#pmm-admin-add-mysql-queries. I’ll give that a shot. Still seems dirty to be storing the password world-readable :-/.

Norman

Hi normelton !
Yes, for now we have this “not good” solution about user/password. We know about this and this will be solved in PMM2 (see https://www.percona.com/blog/2019/05…now-available/ ).

1 Like

Is this still a case with the current PMM 2.16? I just installed 2.15 last week and I can still see the pwd’s in clear text on the client configurations!

/usr/local/percona/pmm2/config/pmm-agent.yaml

server:
    address: 10.132.111.123:443
    username: <clear_text_username>
    password: <cleart_text_pwd>

ps:

... remoteWrite_basicAuth_password=<clear_text_pwd> remoteWrite_basicAuth_username=<cleart_text_username>

1 Like