MXS-2257: Extend password encryption tutorial

Fixed the documentation on the arguments to maxkeys, which is a directory,
and added a short paragraph about alternative key file locations. Also
documented that keys are read from the directory where the `datadir`
parameter points to.
Markus Mäkelä 2019-01-12 04:55:35 +02:00
parent 9def07ab4a
commit 1e1836354b
No known key found for this signature in database
GPG Key ID: 72D48FCE664F7B19
2 changed files with 17 additions and 3 deletions

View File

@ -468,6 +468,9 @@ Set the directory where the data files used by MariaDB MaxScale are stored.
Modules can write to this directory and for example the binlogrouter uses this
folder as the default location for storing binary logs.
This is also the directory where the password encryption key is read from that
is generated by `maxkeys`.
```
datadir=/home/user/maxscale_data/
```
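Review bot: The added sentence "This is also the directory where the password encryption key is read from that is generated by `maxkeys`" is hard to parse, because "that is generated by" sits too far from "key". Suggest "This is also the directory from which the password encryption key generated by `maxkeys` is read." Since the example right below sets `datadir=/home/user/maxscale_data/`, it would also help to say here that the key must then be generated into that same directory, with a link to the encryption tutorial.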

View File

@ -3,13 +3,16 @@
There are two options for representing the password, either plain text or
encrypted passwords may be used. In order to use encrypted passwords a set of
keys must be generated that will be used by the encryption and decryption
process. To generate the keys use the `maxkeys` command and pass the name of the
secrets file in which the keys are stored.
process. To generate the keys, use the `maxkeys` command.
```
maxkeys /var/lib/maxscale/.secrets
maxkeys
```
By default the key file will be generated in `/var/lib/maxscale`. If a different
directory is required, it can be given as the first argument to the program. For
more information, see `maxkeys --help`.
Once the keys have been created the `maxpasswd` command can be used to generate
the encrypted password.
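Review bot: The rewritten paragraph no longer names the key file. The old text and example referred to `/var/lib/maxscale/.secrets`, while the new text only says "the key file will be generated in `/var/lib/maxscale`". Readers who need to back up, move or restrict access to the file have to guess its name, so consider keeping the name `.secrets` in the sentence. Since the point of the change is that the argument is a directory, a second example line showing `maxkeys` with a directory argument would make that unambiguous.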
@ -21,6 +24,10 @@ maxpasswd plainpassword
The username and password, either encrypted or plain text, are stored in the
service section using the `user` and `password` parameters.
If a custom location was used for the key file, give it as the first argument to
`maxpasswd` and pass the password to be encrypted as the second argument. For
more information, see `maxkeys --help`.
Here is an example configuration that uses an encrypted password.
```
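Review bot: The new paragraph describes the arguments of `maxpasswd` but ends with "For more information, see `maxkeys --help`", which looks like a copy of the sentence from the previous hunk; it should presumably point to `maxpasswd --help`. The paragraph also sits after the text on the `user` and `password` parameters, away from the `maxpasswd plainpassword` example it qualifies; moving it directly under that example would read better.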
@ -32,3 +39,7 @@ servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=96F99AA1315BDC3604B006F427DD9484
```
If the key file is not in the default location, the
[`datadir`](../Getting-Started/Configuration-Guide.md#datadir) parameter must be
set to the directory that contains it.
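Review bot: The closing paragraph tells the reader to set `datadir` when the key file is not in the default location, but does not mention that `datadir` is shared. The Configuration Guide hunk in this same commit says modules write to that directory and the binlogrouter stores binary logs there by default. Suggest adding a sentence that changing `datadir` relocates that data as well, so the key file should be generated into the directory that is (or will be) the MaxScale data directory rather than into an unrelated one.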