Skip to content

Add details to the --initialize-secure option (#21738) #21810

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 19, 2025
Merged

Add details to the --initialize-secure option (#21738) #21810

merged 8 commits into from
Sep 19, 2025

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #21738

First-time contributors' checklist

What is changed, added or deleted? (Required)

See also: https://github.com/pingcap/tidb/blob/master/docs/design/2021-09-29-secure-bootstrap.md

Which TiDB version(s) do your changes apply to? (Required)

Tips for choosing the affected version(s):

By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.

For details, see tips for choosing the affected versions.

  • master (the latest development version)
  • v9.0 (TiDB 9.0 versions)
  • v8.5 (TiDB 8.5 versions)
  • v8.1 (TiDB 8.1 versions)
  • v7.5 (TiDB 7.5 versions)
  • v7.1 (TiDB 7.1 versions)
  • v6.5 (TiDB 6.5 versions)
  • v6.1 (TiDB 6.1 versions)
  • v5.4 (TiDB 5.4 versions)

What is the related PR or file link(s)?

  • This PR is translated from:
  • Other reference link(s):

Do your changes match any of the following descriptions?

  • Delete files
  • Change aliases
  • Need modification after applied to another branch
  • Might cause conflicts after applied to another branch

@ti-chi-bot ti-chi-bot added lgtm needs-1-more-lgtm Indicates a PR needs 1 more LGTM. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/cherry-pick-for-release-8.5 This PR is cherry-picked to release-8.5 from a source PR. type/enhancement The issue or PR belongs to an enhancement. labels Sep 19, 2025
@ti-chi-bot ti-chi-bot mentioned this pull request Sep 19, 2025
Merged
14 tasks
@gemini-code-assist Gemini Code Assist
Copy link

Summary of Changes

Hello @ti-chi-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the clarity and completeness of the documentation surrounding the --initialize-secure option. The changes aim to provide users with a more detailed understanding of how this option contributes to initial root user security by leveraging auth_socket authentication, thereby restricting network access for the first connection. This ensures that users can implement more robust security configurations from the outset.

Highlights

  • Documentation Update: The documentation for the --initialize-secure option has been significantly updated to provide clearer details on its functionality and security implications.
  • Enhanced Security Explanation: The description now explicitly states that --initialize-secure controls the creation of a root account using auth_socket authentication, enforcing a more secure socket connection for the initial login.
  • Security Best Practices Integration: A reference to the --initialize-secure option has been added to the best-practices-for-security-configuration.md guide, advising its use to restrict network access for the initial root user.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 19, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request improves the documentation for the --initialize-secure option by adding more details about its function and linking to it from the security best practices page. The changes are clear and helpful. I've suggested a minor wording improvement to enhance readability in one of the files, in line with our style guide's emphasis on clarity and simplicity.

@dveeden @gemini-code-assist
Update command-line-flags-for-tidb-configuration.md
c38cf2a 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@qiancai
Copy link
Collaborator

qiancai commented Sep 19, 2025

/approve

@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Sep 19, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiancai

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added the approved label Sep 19, 2025
@ti-chi-bot ti-chi-bot bot merged commit 8c0cda9 into pingcap:release-8.5 Sep 19, 2025
7 of 9 checks passed
@ti-chi-bot ti-chi-bot bot deleted the cherry-pick-21738-to-release-8.5 branch September 19, 2025 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qiancai qiancai qiancai approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@dveeden dveeden

Labels
approved lgtm needs-1-more-lgtm Indicates a PR needs 1 more LGTM. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/cherry-pick-for-release-8.5 This PR is cherry-picked to release-8.5 from a source PR. type/enhancement The issue or PR belongs to an enhancement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ti-chi-bot @qiancai @dveeden