Why cleartext-plugin is used?
IAM auth uses something, very similar to a pre-signed URL as a password.
That is why we must use the
--enable-cleartext-plugin option in the connection string.
--enable-cleartext-plugin syntax is used for passing the password as plain text.
Default behaviour is to encrypt the password before sending it to the server.
Because this pre-signed-url-like token needs to be understood by AWSAuthenticationPlugin, therefore it can not be encrypted.
Moreover for RDS,
--enable-cleartext-plugin syntax also indicates that AWSAuthenticationPlugin must be used for the database connection.
When using AWSAuthenticationPlugin, the connection is secured using SSL.
To verify this
show status like 'Ssl%';
If you think this is helpful 🎈
Don't keep it to yourself 🙊
Share it with your lovely followers at twitter 🗽