--help, -?

Display a help message and exit.

--

Marks the end of the list of mysqlsh options and the start of a command and its arguments for MySQL Shell's API command line integration. You can execute methods of the MySQL Shell global objects from the command line using this syntax:

mysqlsh [options]  -- object method [arguments]

See Section 5.8, “API Command Line Integration” for more information.

--auth-method=method

Authentication method to use for the account. Depends on the authentication plugin used for the account's password. For MySQL Shell connections using classic MySQL protocol, specify the name of the authentication plugin, for example caching_sha2_password. For MySQL Shell connections using X Protocol, specify one of the following options:

For MySQL Shell connections using classic MySQL protocol, specify the name of the authentication plugin used by the user account, for example caching_sha2_password (which is the default for user accounts created in MySQL 8.0). MySQL Shell uses the MySQL client library for client-side authentication for these connections. The following authentication methods require additional configuration:

Cached ticket-granting tickets (TGTs) for Kerberos authentication are supported from MySQL 8.0.27 when the --auth-method option is used to specify the authentication_ldap_sasl_client or authentication_kerberos_client plugin, and the --mysql-plugin-dir option is used to provide a path to the plugin. To use cached TGTs, do not specify a user and password in the connection options. When you specify one of these plugins and do not specify a user and password, MySQL Shell does not supply the system user name, does not prompt for a password, and does not attempt to use the Secret Store helper to retrieve or store credentials.

For more information, see Section 4.3.5, “Using LDAP and Kerberos Authentication”.

--cluster

Ensures that the target server is part of an InnoDB Cluster and if so, sets the cluster global variable to the cluster object.

--column-type-info

In SQL mode, before printing the returned result set for a query, print metadata for each column in the result set, such as the column type and collation.

The column type is returned as both the type used by MySQL Shell (Type), and the type used by the original database (DBType). For MySQL Shell connections using classic MySQL protocol, DBType is as returned by the protocol, and for X Protocol connections, DBType is inferred from the available information. The column length (Length) is returned in bytes.

--compress[={required|preferred|disabled}], -C [{required|preferred|disabled}]

Controls compression of information sent between the client and the server using this connection. It is also available for classic MySQL protocol and X Protocol connections, and you can optionally specify required, preferred, or disabled. When just --compress is specified, the value defaults to --compress=required. See Section 4.3.8, “Using Compressed Connections” for information on using MySQL Shell's compression control in all releases.

--compression-algorithms=value

The permitted compression algorithms for connections to the server.

See Section 4.3.8.1, “Compression Control For MySQL Shell”.

--compression-level=level

Compression level for connections to server that use any compression algorithm over X Protocol or for zstd only on classic connections.

See Section 4.3.8.1, “Compression Control For MySQL Shell”.

--zstd-compression-level=level

The compression level to use for connections to the server that use the zstd compression algorithm. The permitted levels are from 1 to 22, with larger values indicating increasing levels of compression. The default zstd compression level is 3. The compression level setting has no effect on connections that do not use zstd compression.

See Section 4.3.8.1, “Compression Control For MySQL Shell”.

--connect-timeout=ms

Configures how long MySQL Shell waits (in milliseconds) to establish a global session specified through command-line arguments.

--credential-store-helper=helper

The Secret Store Helper that is to be used to store and retrieve passwords. See Section 4.4, “Pluggable Password Store”.

--database=name, -D name

The default schema to use. This is an alias for --schema.

--disable-plugins

Disables user plugins.

--local-infile[=OFF|ON]

This variable controls client-side LOCAL capability for LOAD DATA statements.

The following options are available:

--log-sql[=off|error|on|all|unfiltered]

Log all SQL statements executed by MySQL Shell to the MySQL Shell log file, mysqlsh.log

The following options are available:

--execute=command, -e command

Execute the command using the currently active language and quit. This option is mutually exclusive with the --file=file_name option.

--file=file_name, -f file_name

Specify a file to process in Batch mode. Any options specified after this are used as arguments of the processed file.

--force

Continue processing in SQL and Batch modes even if errors occur.

--histignore=strings

Specify strings that are not added to the MySQL Shell history. Strings are separated by a colon. Matching is case insensitive, and the wildcards * and ? can be used. The default ignored strings are specified as “*IDENTIFIED*:*PASSWORD*”. See Section 5.5, “Code History”.

--host=host_name, -h host_name

Connect to the MySQL server on the given host. On Windows, if you specify --host=. or -h . (giving the host name as a period), MySQL Shell connects using the default named pipe (which has the name MySQL), or an alternative named pipe that you specify using the --socket option.

--get-server-public-key

MySQL Shell equivalent of --get-server-public-key.

If --server-public-key-path=file_name is given and specifies a valid public key file, it takes precedence over --get-server-public-key.

See Caching SHA-2 Pluggable Authentication.

--interactive[=full], -i

Emulate Interactive mode in Batch mode.

--js, --javascript

Start in JavaScript mode.

--json[={off|pretty|raw}]

Controls JSON wrapping for MySQL Shell output from this session. This option is intended for interfacing MySQL Shell with other programs, for example as part of testing. For changing query results output to use the JSON format, see --result-format.

When the --json option has no value or a value of pretty, the output is generated as pretty-printed JSON. With a value of raw, the output is generated in raw JSON format. In any of these cases, the --result-format option and its aliases and the value of the resultFormat MySQL Shell configuration option are ignored. With a value of off, JSON wrapping does not take place, and result sets are output as normal in the format specified by the --result-format option or the resultFormat configuration option.

--log-file=path

Change the location of the MySQL Shell application log file mysqlsh.log for this MySQL Shell instance. The default location for the application log file is the user configuration path, which defaults to %APPDATA%\MySQL\mysqlsh\ on Windows or ~/.mysqlsh/ on Unix. You can override the user configuration path for all MySQL Shell instances by defining the environment variable MYSQLSH_USER_CONFIG_HOME. The --log-file option applies to the individual MySQL Shell instance, meaning that different instances can write to different locations.

--log-level=N

Change the logging level for the MySQL Shell application log file mysqlsh.log, or disable logging to the file. The option requires a value, which can be either an integer in the range from 1 to 8, or one of none, internal, error, warning, info, debug, debug2, or debug3. Specifying 1 or none disables logging to the application log file. Level 5 (info) is the default if you do not specify this option. See Chapter 13, MySQL Shell Logging and Debug.

--mysql, --mc

Sets the global session created at start up to use a classic MySQL protocol connection.

--mysql-plugin-dir=path

Sets a non-persistent path to the client-side authentication plugins by overriding the value of the shell.options.mysqlPluginDir setting. Client-side plugins are shipped in the MySQL Server packages and can be located relative to the MySQL base directory (the value of the basedir system variable). For example:

For a list of the client authentication plugins that ship with the server, see Available Authentication Plugins.

--mysqlx, --mx

Sets the global session created at start up to use an X Protocol connection.

--name-cache

Enable automatic loading of table names based on the active default schema.

--no-name-cache, -A

Disable loading of table names for autocompletion based on the active default schema and the DevAPI db object. Use \rehash to reload the name information manually.

--no-password

When connecting to the server, if the user has a passwordless account, which is insecure and not recommended, or if socket peer-credential authentication is in use (for Unix socket connections), you must use --no-password to explicitly specify that no password is provided and the password prompt is not required.

--no-wizard, -nw

Disables the interactive wizards provided by operations such as creating connections, dba.configureInstance(), Cluster.rebootClusterFromCompleteOutage() and so on. Use this option when you want to script MySQL Shell and not have the interactive prompts displayed. For more information see Section 5.6, “Batch Code Execution” and Section 5.8, “API Command Line Integration”.

--oci-config-file=pathToConfigFile

Configures a path to the OCI config file to use with OCI authentication to connect to a MySQL HeatWave Service DB System.

The value defined here overrides the value defined in the oci.configFile option.

For more information, see Authenticating Using authentication_oci Plugin.

--authentication-oci-client-config-profile=profileName

Configures the profile in the OCI config file to use with OCI authentication to connect to a MySQL HeatWave Service DB System.

The value defined here overrides the value defined in the oci.profile option.

For more information, see Authenticating Using authentication_oci Plugin.

--authentication-openid-connect-client-id-token-file=filename

The file path to an OpenId Connect authorization token file

See Section 4.3.6, “Using OpenID Connect”.

--pager=name

The external pager tool used by MySQL Shell to display text output for statements executed in SQL mode and other selected commands such as online help. If you do not set a pager, the pager specified by the PAGER environment variable is used. See Section 4.7, “Using a Pager”.

--passwords-from-stdin

Read the password from standard input, rather than from the terminal. This option does not affect any other password behaviors, such as the password prompt.

--password[=password], -ppassword

The password to use when connecting to the server. The maximum password length that is accepted for connecting to MySQL Shell is 128 characters.

--password1[=password]

--password1, --password2 and --password3 are the passwords to use for accounts that require multifactor authentication. You can supply up to three passwords. The options work in the same way as the --password option, and --password1 is treated as equivalent to that option. You can specify a password value following the option on the command line (which is insecure), or if the options are given without a password value, MySQL Shell prompts the user for each password in turn. Only supported for classic MySQL protocol connections made using command-line arguments.

--password2[=password]

The password for the second authentication method for accounts that require multifactor authentication. See the description for the --password1 option.

--password3[=password]

The password for the third authentication method for accounts that require multifactor authentication. See the description for the --password1 option.

--plugin-authentication-kerberos-client-mode={SSPI|GSSAPI}

On Microsoft Windows platforms, allows defining the kerberos client mode (SSPI or GSSAPI) when using kerberos authentication.

If plugin-authentication-kerberos-client-mode is not defined, SSPI is used by default.

When connecting to a MySQL server using Kerberos authentication, the authentication modes have the following behavior:

--plugin-authentication-webauthn-client-preserve-privacy={OFF|ON}

Determines how assertions are sent to server in case there are more than one discoverable credentials stored for a given RP ID (a unique name given to the relying-party server, which is the MySQL server). If the FIDO2 device contains multiple resident keys for a given RP ID, this option allows the user to choose a key to be used for assertion. It provides two possible values that the client user can set. The default value is false. If set to false, the challenge is signed by all credentials available for a given RP ID and all signatures are sent to server. If set to true, the user is prompted to choose the credential to be used for signature.

For more information, see WebAuthn Pluggable Authentication.

--plugin-authentication-webauthn-device=n

Specifies which libfido2 device to use. Default is 0 (first device). Supported over classic protocol, only.

For more information, see WebAuthn Pluggable Authentication.

--port=port_num, -P port_num

The TCP/IP port number to use for the connection. The default is port 33060.

--py, --python

Start in Python mode.

--pyc=pythonCommand, -c

Execute a Python command and quit. Any options specified after this are treated as arguments of the processed command.

--pym

Execute the specified Python module as a script in MySQL Shell's Python mode. --pym works in the same way as Python's -m command line option.

--quiet-start[=1|2]

Start without printing introductory information. MySQL Shell normally prints information about the product, information about the session (such as the default schema and connection ID), warning messages, and any errors that are returned during startup and connection. When you specify --quiet-start with no value or a value of 1, information about the MySQL Shell product is not printed, but session information, warnings, and errors are printed. With a value of 2, only errors are printed.

--redirect-primary

Ensures that the target server is part of an InnoDB Cluster or InnoDB ReplicaSet and if it is not the primary, finds the primary and connects to it. MySQL Shell exits with an error if any of the following is true when using this option:

--register-factor=value

The factor or factors for which FIDO/FIDO2 device registration must be performed before WebAuthn device-based authentication can be used. This option value must be a single value, or two values separated by commas. Each value must be 2 or 3, so the permitted option values are '2', '3', '2,3' and '3,2'.

For example, an account that requires registration for a 3rd authentication factor invokes the mysql client as follows:

mysqlsh --user=user_name --register-factor=3

An account that requires registration for a 2nd and 3rd authentication factor invokes the mysql client as follows:

mysqlsh --user=user_name --register-factor=2,3

If registration is successful, a connection is established. If there is an authentication factor with a pending registration, a connection is placed into pending registration mode when attempting to connect to the server. In this case, disconnect and reconnect with the correct --register-factor value to complete the registration.

Registration is a two step process comprising initiate registration and finish registration steps. The initiate registration step executes this statement:

ALTER USER user factor INITIATE REGISTRATION

The statement returns a result set containing a 32 byte challenge, the user name, and the relying party ID (see authentication_webauthn_rp_id).

The finish registration step executes this statement:

ALTER USER user factor FINISH REGISTRATION SET CHALLENGE_RESPONSE AS 'auth_string'

The statement completes the registration and sends the following information to the server as part of the auth_string: authenticator data, an optional attestation certificate in X.509 format, and a signature.

The initiate and registration steps must be performed in a single connection, as the challenge received by the client during the initiate step is saved to the client connection handler. Registration would fail if the registration step was performed by a different connection. The --register-factor option executes both the initiate and registration steps, which avoids the failure scenario described above and prevents having to execute the ALTER USER initiate and registration statements manually.

The --register-factor option is only available for the mysql client. Other MySQL client programs do not support it.

For related information, see Using WebAuthn Authentication.

--replicaset

Ensures that the target server belongs to an InnoDB ReplicaSet, and if so, populates the rs global variable with the InnoDB ReplicaSet. You can then administer the InnoDB ReplicaSet using the rs global variable, for example by issuing rs.status().

--redirect-secondary

Ensures that the target server is part of a single-primary InnoDB Cluster or InnoDB ReplicaSet and if it is not a secondary, finds a secondary and connects to it. MySQL Shell exits with an error if any of the following is true when using this option:

--result-format={table|tabbed|vertical|json|json/pretty|ndjson|json/raw|json/array}

Set the value of the resultFormat MySQL Shell configuration option for this session. Formats are as follows:

If the --json command line option is used to activate JSON wrapping for output for the session, the --result-format option and its aliases and the value of the resultFormat configuration option are ignored.

--save-passwords={always|prompt|never}

Controls whether passwords are automatically stored in the secret store. always means passwords are always stored unless they are already in the store or the server URL is excluded by a filter. never means passwords are never stored. prompt, which is the default, means users are asked whether to store the password or not. See Section 4.4, “Pluggable Password Store”.

--schema=name, -D name

The default schema to use.

--server-public-key-path=file_name

MySQL Shell equivalent of --server-public-key-path.

If --server-public-key-path=file_name is given and specifies a valid public key file, it takes precedence over --get-server-public-key.

See caching_sha2_password plugin Caching SHA-2 Pluggable Authentication.

--show-warnings={true|false}

When true is specified, which is the default, in SQL mode, MySQL Shell displays warnings after each SQL statement if there are any. If false is specified, warning are not displayed.

--socket[=path], -S [path]

On Unix, when a path is specified, the path is the name of the Unix socket file to use for the connection. If you specify --socket with no value and no equal sign, or -S without a value, the default Unix socket file for the appropriate protocol is used.

On Windows, the path is the name of the named pipe to use for the connection. The pipe name is not case-sensitive. On Windows, you must specify a path, and the --socket option is available for classic MySQL protocol sessions only.

You cannot specify a socket if you specify a port or a host name other than localhost on Unix or a period (.) on Windows.

--sql

Start in SQL mode, auto-detecting the protocol to use if it is not specified as part of the connection information. When the protocol to use is not specified, defaults to an X Protocol connection, falling back to a classic MySQL protocol connection. To force a connection to use a specific protocol see the --sqlx or --sqlc options. Alternatively, specify a protocol to use as part of a URI-like connection string or use the --port option. See Section 4.3, “MySQL Shell Connections” and MySQL Shell Ports. for more information.

--sqlc

Start in SQL mode forcing the connection to use classic MySQL protocol, for example to use MySQL Shell with a server that does not support X Protocol. If you do not specify the port as part of the connection, when you provide this option MySQL Shell uses the default classic MySQL protocol port which is usually 3306. The port you are connecting to must support classic MySQL protocol, so for example if the connection you specify uses the X Protocol default port 33060, the connection fails with an error. See Section 4.3, “MySQL Shell Connections” and MySQL Shell Ports. for more information.

--sqlx

Start in SQL mode forcing the connection to use X Protocol. If you do not specify the port as part of the connection, when you provide this option MySQL Shell uses the default X Protocol port which is usually 33060. The port you are connecting to must support X Protocol, so for example if the connection you specify uses the classic MySQL protocol default port 3306, the connection fails with an error. See Section 4.3, “MySQL Shell Connections” and MySQL Shell Ports. for more information.

--ssh=str

Create an SSH tunnel that provides an encrypted connection to the MySQL server instance. Supply the URI for connection to the SSH server in the format [user@]host[:port], for example:

--ssh root@198.51.100.4:2222

When you use this option, you must also specify the --user, --host, and --port options, or a URI, for connection to the MySQL server instance. For information on SSH tunnel connections from MySQL Shell, see Section 4.3.7, “Using an SSH Tunnel”.

--ssh-config-file=path

Specify the path to an SSH configuration file for the connection to the SSH server. You can use the MySQL Shell configuration option ssh.configFile to set a custom file as the default if this option is not specified. If ssh.configFile has not been set, the default is the standard SSH configuration file ~/.ssh/config. If you specify --ssh-config-file with an empty value, the default file specified by ssh.configFile is ignored, and the ~/.ssh/config file is used instead.

--ssh-identity-file=path

Specify the path to an identity file for the connection to the SSH server. The default if this option is not specified is the standard private key file in the SSH configuration folder (~/.ssh/id_rsa).

--ssl*

Options that begin with --ssl specify whether to connect to the server using SSL and indicate where to find SSL keys and certificates. The mysqlsh SSL options function in the same way as the SSL options for MySQL Server, see Command Options for Encrypted Connections for more information.

mysqlsh accepts these SSL options: --ssl-mode, --ssl-ca, --ssl-capath, --ssl-cert, --ssl-cipher, --ssl-crl, --ssl-crlpath, --ssl-key, --tls-version, --tls-ciphersuites.

--syslog

Send SQL statements that you issue in MySQL Shell’s SQL mode to the operating system’s system logging facility (syslog on Unix, or the Windows Event Log). System logging for SQL statements only takes place when MySQL Shell is started in interactive mode, so either a normal start or a start with the --interactive option. It does not take place if the --execute or --file options are used at startup to run mysqlsh in batch mode. See Section 13.3, “System Logging for User SQL Statements” for more information.

--tabbed

Display results in tab separated format in interactive mode. The default for that mode is table format. This option is an alias of the --result-format=tabbed option.

--table

Display results in table format in batch mode. The default for that mode is tab separated format. This option is an alias of the --result-format=table option.

--uri=str

Create a connection upon startup, specifying the connection options in a URI-like string as described at Connecting to the Server Using URI-Like Strings or Key-Value Pairs.

--user=user_name, -u user_name

The MySQL user name to use when connecting to the server.

--verbose[=0|1|2|3|4]

Activate verbose output to the console and specify the level of detail. The value is an integer in the range from 0 to 4. 0 displays no messages, which is the default verbosity setting when you do not specify the option. 1 displays error, warning and informational messages (this is the default setting if you specify the option on the command line without a value). 2, 3, and 4 add higher levels of debug messages. See Chapter 13, MySQL Shell Logging and Debug for more information.

--version, -V

Display the version of MySQL Shell and exit.

--vertical, -E

Display results vertically, as when the \G terminator is used for an SQL query. This option is an alias of the --result-format=vertical option.