layout | page_title | sidebar_current | description |
---|---|---|---|
mysql |
MySQL: mysql_user |
docs-mysql-resource-user |
Creates and manages a user on a MySQL server. |
The mysql_user
resource creates and manages a user on a MySQL
server.
~> Note: The password for the user is provided in plain text, and is obscured by an unsalted hash in the state Read more about sensitive data in state. Care is required when using this resource, to avoid disclosing the password.
resource "mysql_user" "jdoe" {
user = "jdoe"
host = "example.com"
plaintext_password = "password"
}
resource "mysql_user" "nologin" {
user = "nologin"
host = "example.com"
auth_plugin = "mysql_no_login"
}
The following arguments are supported:
user
- (Required) The name of the user.host
- (Optional) The source host of the user. Defaults to "localhost".plaintext_password
- (Optional) The password for the user. This must be provided in plain text, so the data source for it must be secured. An unsalted hash of the provided password is stored in state. Conflicts withauth_plugin
.password
- (Optional) Deprecated alias ofplaintext_password
, whose value is stored as plaintext in state. Prefer to useplaintext_password
instead, which stores the password as an unsalted hash. Conflicts withauth_plugin
.auth_plugin
- (Optional) Use an authentication plugin to authenticate the user instead of using password authentication. Description of the fields allowed in the block below. Conflicts withpassword
andplaintext_password
.tls_option
- (Optional) An TLS-Option for theCREATE USER
orALTER USER
statement. The value is suffixed toREQUIRE
. A value of 'SSL' will generate aCREATE USER ... REQUIRE SSL
statement. See the MYSQLCREATE USER
documentation for more. Ignored if MySQL version is under 5.7.0.
The auth_plugin
value supports:
AWSAuthenticationPlugin
- Allows the use of IAM authentication with Amazon Aurora. For more details on how to use IAM auth with Aurora, see here.
mysql_no_login
- Uses the MySQL No-Login Authentication Plugin. The No-Login Authentication Plugin must be active in MySQL. For more information, see here.
The following attributes are exported:
user
- The name of the user.password
- The password of the user.id
- The id of the user created, composed as "username@host".host
- The host where the user was created.
No further attributes are exported.