MySQLdump via crontab - Pass --password=/hashed/password/file so I can use via crontab w/o using plain text password
You have following password options:
- provide the password on the command line through the
-poption - provide the password via the
MYSQL_PWDenvironment variable - put your configuration in the
~/.my.cnffile under the[mysqldump]section
In all cases your client needs a plain text password to be able to authenticate. You mentioned hashes, but the trait of a hash is that it's a one way conversion function (i.e. you won't be able to restore the original password from a hash), therefore it's unusable as the authentication token.
Since you are backing up the Wordpress database from, allegedly, the same account that hosts your Wordpress there is no security improvements of trying to hide the password from the user that runs Wordpress (the database credentials can be easily extracted from the wp-config.php file anyway).
So, I'd suggest to define the following ~/.my.cnf:
[mysqldump]
host = your_MySQL_server_name_or_IP
port = 3306
user = database_user_name
password = database_password
Then ensure that the file has the 0600 permissions. This way mysqldump does not need any database credential specified on its command line (they will be read from the ~/.my.cnf file.
You can have a look at mysqldump-secure which acts as a wrapper script around mysqldump and will take care about password security (via a defaults-extra-file) and also offers your to encrypt your mysql databases via asymmetric encryption.
This creates a file (it could be any file anywere is OS) that passes the password and username from the file. Even if it were "hashed" it would not make a difference if somebody got a hold of the file, they could just use it as is. If it works for me, it would work for them.
So to answer the security part of my question, chmod 0600 & sudo chown $USER:nogroup will prevent unauthorized access to file once created.
mkdir ~/wp_backups/sqldumps && touch ~/wp_backups/.sqlpwd && nano ~/wp_backups/.sqlpwd && chmod 600 ~/wp_backups/.sqlpwd && sudo chown $USER:nogroup ~/wp_backups/.sqlpwd
--.sqlpwd contents
[mysqldump] # NEEDED FOR DUMP
user=username
password=password
[mysql] # NEEDED FOR RESTORE
user=username
password=password
--SQL CLI Syntax
mysqldump --defaults-extra-file=~/wp_backups/.sqlpwd [database] > ~/wp_backups/sqldumps/"$(date '+%F').sql"