From MySQL 8.0.21 onwards,
START GROUP_REPLICATION includes new options which allow a user to specify credentials to be used for distributed recovery. You can now pass credentials when invoking
START GROUP_REPLICATION instead of setting them when configuring the
START GROUP_REPLICATION command now has the options:
USER: User name. Cannot be set to an empty or null string or left unset if
DEFAULT_AUTH: Name of the authentication plugin; default is MySQL native authentication.
When credentials are passed as parameters to
START GROUP_REPLICATION command, credentials are not persisted.
Therefore, when group replication stops or the server is restarted, credentials are removed from memory.
These credentials are used for authenticating against donor servers during the different phases of the distributed recovery.
They are used during the initial state transfer (cloning) phase, if one is deemed needed, and they are used during the catch up phase.
Credentials passed on the
START GROUP_REPLICATION statement take precedence over credentials that are persisted in the
group_replication_recovery channel configuration.
In other words, if credentials are passed on the start statement those are the ones used, otherwise the system falls back to checking the credentials stored in the channel configuration, as it does before 8.0.21.
When group replication is stopped using
STOP GROUP_REPLICATION command or the server is restarted, stored credentials are removed from memory.
These parameters are limited to
START GROUP_REPLICATION command and hence cannot be used along with
START GROUP_REPLICATION USER='rpl_user', PASSWORD='rpl_password';
If the above command is used to start the group replication, credentials passed in parameter will be used for distributed recovery.
In the above command, credentials are picked from
As of MySQL 8.0.21 Group Replication now allows distributed recovery credentials to be passed as command parameters.