SECRET

Passing credentials in queries can leave them exposed in plain text during parameterization which means they can be seen in logs and the process list. To counter this, you can use the SECRET() function. SECRET() takes a string (such as a password or other sensitive information) and replaces it with the literal string "<password>" during parameterization. The string is unchanged for the query however..

Syntax

SQL

SECRET(str)

Arguments

str: any string

Return Type

String

Remarks

There are two cases where the string passed in the SECRET() function could still be exposed:
- When SECRET() is used as a column without an alias:
  SQL
```
SELECT SECRET(argument);
```
  Instead, use something like:
  SQL
```
SELECT SECRET(argument) AS column_name;
```
- When the NOPARAM() function is combined with SECRET():
  SQL
```
SECRET(NOPARAM(argument));
```

Example

SQL

CALL db.log_in_now('root', SECRET('super-secret-password'));

NOPARAM

SECRET

On this page

Syntax

Arguments

Return Type

Remarks

Example

Was this article helpful?

On this page

Was this article helpful?

SECRET

On this page

Syntax

Arguments

Return Type

Remarks

Example

Related Topics

Was this article helpful?

On this page

Was this article helpful?