MySQL database instances should not have a passwordless default root user


MySQL database instances have the option for NOT having a password for the administrative/root user. This is not recommended; a password should be set to ensure that only authorized users have administrative privileges.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the instance name to go to the Overview page.

  • Click Users on the left navigation bar.

  • For the root user, select Change password from the more actions icon.

  • Enter in a password, and click OK.

gcloud CLI

  • Set a password for a MySQL instance:

    • gcloud sql users set-password [USER_NAME] [HOST] --instance=[INSTANCE_NAME] - -password=[PASSWORD]