-
Notifications
You must be signed in to change notification settings - Fork 0
/
like_a_rock.py
47 lines (36 loc) · 1.28 KB
/
like_a_rock.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/python3
#likearock.py
import mariadb
import sys
from key_master import get_secret
# Function(s) to update/harden the database passwords
def update_passwords():
try:
# Connect to MariaDB
conn = mariadb.connect(
user=DB_SPECIAL_USER,
password=get_secret("mariadb_root_password"),
host="localhost",
port=3306,
database="mydb"
)
except mariadb.Error as e:
print(f"Error connecting to MariaDB: {e}")
sys.exit(1)
# Get the special user's current password
cur = conn.cursor()
cur.execute("SELECT password FROM users WHERE username='special_user'")
current_password = cur.fetchone()[0]
# Update the special user's password to use the key vault value
new_password = get_secret("special_user_password")
cur.execute("UPDATE users SET password=? WHERE username='special_user'", (new_password,))
# Update the root user's password to use the key vault value
cur.execute(f"SET PASSWORD FOR 'root'@'localhost' = '{get_secret('mariadb_root_password')}'")
conn.commit()
conn.close()
from dotenv import load_dotenv
import os
load_dotenv()
DB_SPECIAL_USER = os.getenv("DB_SPECIAL_USER")
if __name__ == "__main__":
update_passwords()