MySQL
Oracledatabase2 credentials
MySQL Account Password
mysql / account-password
MySQL accounts authenticate with passwords assigned by account-management statements such as CREATE USER and ALTER USER. MySQL documents CREATE USER ... IDENTIFIED BY for assigning account passwords and stores internal credentials in grant tables such as mysql.user.
Looks like
patternCREATE\s+USER\s+'[^'\r\n]+'@'[^'\r\n]+'\s+IDENTIFIED\s+BY\s+'[^'\r\n]+'ALTER\s+USER\s+'[^'\r\n]+'@'[^'\r\n]+'\s+IDENTIFIED\s+BY\s+'[^'\r\n]+'Location
mysql.user.authentication_stringinternal credential verifier storage for MySQL accounts, depending on authentication plugin
application config, .env files, JDBC/DSN connection strings, and deployment manifests
MYSQL_PWD, MYSQL_USER, MYSQL_PASSWORD, MYSQL_ROOT_PASSWORD, DATABASE_URLKubernetes Secrets, cloud secret managers, CI/CD variables, and database password vault entries
application connection strings, migration scripts, test fixtures, and accidentally committed configs
failed connection traces, ORM debug logs, and CI output
tcp/3306MySQL client protocol login endpoint
Notes
There is no universal MySQL server default password. Container images, appliances, or installers may generate or require deployment-specific root passwords that should be modeled separately when sourced.
Client Option File / Login Path Password
mysql / option-file-password
MySQL clients can read connection options from option files, and MySQL documents .mylogin.cnf login paths that permit host, user, password, port, and socket options. Command options also include --password for connecting to a server.
Looks like
pattern^password\s*=\s*[^\r\n]+$mysql://[^\s:@]+:[^\s@]+@[^\s/]+Location
~/.my.cnf, .mylogin.cnf, my.cnfMySQL client option files and encrypted login-path file
MYSQL_TEST_LOGIN_FILE, MYSQL_PWDoverrides login path file location or supplies client password
deployment secrets and workstation credential stores that materialize MySQL option files
accidentally committed option files, Docker contexts, and test configuration
shell history, command traces, and debug output containing --password or connection URLs
Notes
MySQL discourages exposing passwords on command lines because they can leak through process listings, shell history, and logs.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.