# keeper/guacamole-db-mysql

**Image:** `keeper/guacamole-db-mysql`

`keeper/guacamole-db-mysql` is a Dockerized deployment of MySQL, built off [Docker's official MySQL image](https://hub.docker.com/_/mysql) which is automatically initialized with the Apache Guacamole database schema. It is built using the packages provided by Keeper Connection Manager and made available under the same [EULA](https://www.keepersecurity.com/en_GB/termsofuse.html?t=v). It is normally used to provide a MySQL database for a container using [the `keeper/guacamole` image.](/keeper-connection-manager/installation/docker-compose-install/keeper-guacamole.md)

### Environment variables <a href="#id-.glyptodon-guacamoledbmysqlv1.x-environmentvariables" id="id-.glyptodon-guacamoledbmysqlv1.x-environmentvariables"></a>

In addition to the environment variables documented below, all environment variables supported by [the official Docker MySQL image](http://confluence.glyptodon.com/_/mysql) are accepted, as the official MySQL image forms the basis of this image.

#### `ACCEPT_EULA` <a href="#id-.glyptodon-guacamoledbmysqlv1.x-accept_eula" id="id-.glyptodon-guacamoledbmysqlv1.x-accept_eula"></a>

The `ACCEPT_EULA` environment variable must be set to "Y" to indicate your acceptance of the [Keeper Connection Manager EULA](https://www.keepersecurity.com/en_GB/termsofuse.html?t=v). This Docker image may not be used except under the terms of the EULA.

#### `MYSQL_RANDOM_ROOT_PASSWORD` <a href="#id-.glyptodon-guacamoledbmysqlv1.x-guacamole_database" id="id-.glyptodon-guacamoledbmysqlv1.x-guacamole_database"></a>

This is an optional variable. Set to a non-empty value, like `yes`, to generate a random initial password for the root user (using `pwgen`). The generated root password will be printed to stdout (`GENERATED ROOT PASSWORD: .....`).

#### `GUACAMOLE_DATABASE` <a href="#id-.glyptodon-guacamoledbmysqlv1.x-guacamole_database" id="id-.glyptodon-guacamoledbmysqlv1.x-guacamole_database"></a>

The name of the database to create and initialized for use with Apache Guacamole. This environment variable is required and ultimately maps to the `MYSQL_DATABASE` environment variable of the official MySQL image.

The `GUACAMOLE_DATABASE` variable is provided here for consistency with the other Guacamole-specific variables, but may be omitted if `MYSQL_DATABASE` is provided.

#### `GUACAMOLE_ADMIN_PASSWORD` <a href="#id-.glyptodon-guacamoledbmysqlv1.x-guacamole_usernameandguacamole_password" id="id-.glyptodon-guacamoledbmysqlv1.x-guacamole_usernameandguacamole_password"></a>

This is the Administrator password for the `guacadmin` user.

#### `GUACAMOLE_USERNAME` and `GUACAMOLE_PASSWORD` <a href="#id-.glyptodon-guacamoledbmysqlv1.x-guacamole_usernameandguacamole_password" id="id-.glyptodon-guacamoledbmysqlv1.x-guacamole_usernameandguacamole_password"></a>

The username and password to use for the MySQL database user specific to the Guacamole web application. This pair of variables differ from the `MYSQL_USER` and `MYSQL_PASSWORD` environment variables provided by the official MySQL image in that the created user has limited privileges, being granted only what privileges are absolutely required for Guacamole to run.

The `GUACAMOLE_USERNAME` and `GUACAMOLE_PASSWORD` are not strictly required, as the user created with `MYSQL_USER` and `MYSQL_PASSWORD` may be used instead, however they are **strongly recommended** to ensure the [Principle of Least Privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) is followed.

### Docker secrets <a href="#id-.glyptodon-guacamoledbmysqlv1.x-dockersecrets" id="id-.glyptodon-guacamoledbmysqlv1.x-dockersecrets"></a>

Rather than pass data directly in environment variables, a `_FILE` suffix may be added to any environment variable supported by this image to force that variable to be read from the named file within the container. As Docker secrets store sensitive data within files beneath `/run/secrets/` within the container, this can be used to load sensitive data from Docker secrets.

For example, to load the username and password for the limited-privilege user specific to the Guacamole web application from Docker secrets:

```
docker run --name some-guacamole-db \
    -e ACCEPT_EULA=Y \
    -e MYSQL_RANDOM_ROOT_PASSWORD=yes \
    -e GUACAMOLE_ADMIN_PASSWORD=some_password \
    -e GUACAMOLE_DATABASE=guacamole_db \
    -e GUACAMOLE_USERNAME_FILE=/run/secrets/mysql-username \
    -e GUACAMOLE_PASSWORD_FILE=/run/secrets/mysql-password \
    -d keeper/guacamole-db-mysql
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeper-connection-manager/installation/docker-compose-install/database-images/keeper-guacamole-db-mysql.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.