Outdated Version

You are viewing an older version of this section. View current production version.


Change the MemSQL root password for a MemSQL node on the local machine.


Change the MemSQL root password for a MemSQL node on the local machine (executes `SET PASSWORD...` SQL command), or correct `memsqlctl`'s record of an existing password (does not execute `SET PASSWORD...` SQL command).

  memsqlctl change-root-password [flags]

  -a, --all                 Change the password of all nodes on the host
      --fix-secure-key      Reset the secure key
      --force               Force password update on stopped nodes
  -h, --help                Help for change-root-password
      --memsql-id strings   The MemSQL ID of the node
      --password STRING     The new MemSQL root password for the node

Global Flags:
  -c, --config FILE_PATH                     Path to the memsqctl config file
      --default-install-dir DIRECTORY_PATH   Path to the default install directory
  -j, --json                                 Print output in JSON format
      --node-metadata-file FILE_PATH         Path to the node metadata file
      --parallelism POSITIVE_INTEGER         Maximum amount of operations to be run in parallel
      --ssl-ca FILE_PATH                     Path to the CA certificate file in PEM format to authenticate the MemSQL server certificate
      --timeout duration                     Maximum time for operation to complete (e.g., 30s, 10m, 1.5h)
  -v, --verbosity count                      Increase logging verbosity
  -y, --yes                                  Enable non-interactive mode and assume the user would like to move forward with the proposed actions by default


When running this command, memsqlctl will attempt to connect to a running node using the root user and existing root password for the node that is already stored in nodes.hcl. If the existing root password doesn’t work, then the nodes.hcl file has become out of sync with the current state of the node. This can be caused by either a manual password change by the user without using memsqlctl, or the root password was encrypted with an older encryption key. To fix this issue, memsqlctl will try to connect to the node with new password, and if it works, memsqlctl will update nodes.hcl with the new password encrypted with the current encryption key. This behavior allows change-root-password to be used to update memsqlctl when there is state drift.

The new password can also be specified through the environment variable MEMSQL_PASSWORD instead of as a command-line argument.

Once connected, memsqlctl will run GRANT… SQL commands on the node to change the password to the new password and then update nodes.hcl.


The change-root-password command can only be run on nodes in a running process state.

This command is interactive unless you use either the --yes or --json flags to override interactive behavior.

The memsqlctl change-root-password command is equivalent to the memsql-admin change-root-password command.


The following is the standard output for the change-root-password command.

$ sudo memsqlctl change-root-password --password "NewSecurePass"
| Index | MemSQL ID  |    Role    | Port | Process State | Version |
| 1     | 01FA0ABD58 | Aggregator | 3306 | Running       | 6.5.10  |
| 2     | 994274A024 | Leaf       | 3307 | Running       | 6.5.10  |
| 3     | All Nodes  |            |      |               |         |
Select an option: 2
memsqlctl will perform the following actions
  · On MemSQL node with ID 994274A024996ADAD6B1B780352C0EDBC0E7328F:
    - Run `SET PASSWORD FOR 'root'@'%' = PASSWORD(***)`

Would you like to continue? [y/N]: y
✓ Set new password for node with MemSQL ID 994274A024996ADAD6B1B780352C0EDBC0E7328F