What is preferred technique to connect to MySQL from within your bash scripts?

Some call mysql and other client utilities directly from within their bash scripts. Why? Because it's quick, easy and  straightforward.


But it's horribly wrong and unsafe.

You must always use the mysql_config_editor to create a login_path.

Here is some sane configuration MySQL manual extract.

The mysql_config_editor utility enables you to store authentication credentials in an encrypted login path file named .mylogin.cnf. The file location is the %APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.

The unencrypted format of the .mylogin.cnf login path file consists of option groups, similar to other option files. Each option group in .mylogin.cnf is called a login path, which is a group that permits only certain options: host, user, password, port and socket. Think of a login path option group as a set of options that specify which MySQL server to connect to and which account to authenticate as. Here is an unencrypted example:

user = mydefaultname
password = mydefaultpass
host =
user = myothername
password = myotherpass
host = localhost

When you invoke a client program to connect to the server, the client uses .mylogin.cnf in conjunction with other option files. Its precedence is higher than other option files, but less than options specified explicitly on the client command line.