Folks,

when setting up MaxScale or even moving clear text passwords to encrypted ones using maxkeys, we need to create the key with root user and then change the ownership of the .secrets files created for encrypting the passwords you pass as a parameter of maxpasswd.

https://mariadb.com/kb/en/mariadb-maxscale-23-encrypting-passwords/

One of our customers wasn't getting maxscale up and running after executing the process from the current feature documentation as it misses the chown command that needs to be entered to make that files as maxscale:maxscale to avoid the below:

Oct 18 11:21:44 x.net maxscale[7980]: (secrets_readKeys): Access for secrets file [/var/lib/maxscale/.secrets] failed. Error 13, Permission denied.

Oct 18 11:21:44 x.net maxscale[7980]: [MariaDBAuth] (check_server_permissions): [readconn-service-master] Failed to connect to server 'x' ([192.168.100.247]:3306) when checking authentication user credentials and permissions: 1045 Access denied for user 'maxusr'@'192.168.100.197' (using password: YES)

Can we have the below added to the documentation?

Once the key has been created, you need to change the key ownership as the maxscale user must read it and be able to authenticate to the backends with the real password after decrypting it:

chown maxscale:maxscale /var/lib/maxscale/.secrets

Finally, use the maxpasswd command to generate the encrypted version of the user's password.

maxpasswd plainpassword

96F99AA1315BDC3604B006F427DD9484

It's going to make it better.

Thanks!!