Document DSN password URL-encoding requirement for MySQL connection string #1606
Description
I'm working on a new repo to automate the tracker deployment (still experimental), and I have realised we can have problems with the DB passwords automatically generated.
When configuring the tracker with a MySQL DSN (e.g. mysql://user:password@host:3306/db), reserved URL characters in the password (notably + and /) must be percent-encoded. Otherwise, the DSN may be parsed incorrectly, and the tracker fails to connect to MySQL despite correct credentials.
In the official deployment tutorial, we use SQLite, so this is not a problem.
Why this matters
In many deployments, the DSN is built from environment variables (e.g. docker-compose). If MYSQL_PASSWORD contains reserved characters, the URL becomes invalid unless encoded first.
Standard secret generators produce base64 strings that include + and /, which are problematic in the URL password component.
Symptoms
- Tracker fails to start or cannot connect to MySQL
- Auth errors from MySQL despite the correct user password
- Errors trace back to the DSN parsing
Proposed improvements
-
Documentation: Add a short note in configuration docs clarifying that credentials in DSNs must be URL-encoded, with a quick example (e.g. Python urllib.parse.quote or shell snippet) and/or recommend URL-safe secrets (A–Z, a–z, 0–9, -, _).
-
Examples: Ensure docker-compose examples either:
- Use URL-safe secrets for MYSQL_PASSWORD, or
- Show how to provide an already-encoded value in the DSN
- (Optional) Alternative config: Consider supporting separate config fields for user/password (not embedded in the DSN), to avoid URL-encoding pitfalls.
cc @da2ce7