Update 2017-08-25: Additional characters excluded due to problems with password handling in PHP applications using the Laravel framework on AWS ElasticBeanstalk
I needed to generate random master passwords for several Amazon RDS MySQL instances.
The specification is as follows:
The password for the master database user can be any printable ASCII character except "/", """, or "@". Master password constraints differ for each database engine.
MySQL, Amazon Aurora, and MariaDB
Must contain 8 to 41 characters.
I came up with this:
head -n 1 < <(fold -w 41 < <(LC_ALL=C tr -d '@"$`!/'\'\\ < <(LC_ALL=C tr -dc '[:graph:]' < /dev/urandom)))
If you prefer to use pipes (rather than process substitution) the command would look like this:
cat /dev/urandom | LC_ALL=C tr -dc '[:graph:]' | tr -d '@"$`!/'\'\\ | fold -w 41 | head -n 1
- take a stream of random bytes
- remove all chars not in the set specified by [:graph:], ie. get rid of everything that is not a printable ASCII character
- remove the chars that are explicitly not permitted by the RDS password specification and others that can cause problems if not handled correctly
- split the stream into lines 41 characters long, ie. the maximum password length
- stop after the first line