So i've been on a bit of a quest to nail down the reasons i can't autodeploy (via saltstack) mariadb-grants and mariadb-users. But this has nothing to do with saltstack, as i've boiled it down to direct commands executed on 10.3.17 Using ALTER USER foo@'bar' seems to double encode the password: MariaDB [mysql]> select User, Host, Password from user where User = 'jeff'; +------+----------+-------------------------------------------+ | User | Host | Password | +------+----------+-------------------------------------------+ | jeff | 172.16.% | *D02D4C65F4A93325D91DC9E07D45521A8CD2960B | +------+----------+-------------------------------------------+ 1 row in set (0.000 sec) MariaDB [mysql]> alter user jeff@'172.16.%' identified by '*D02D4C65F4A93325D91DC9E07D45521A8CD2960B'; Query OK, 0 rows affected (0.000 sec) MariaDB [mysql]> select User, Host, Password from user where User = 'jeff'; +------+----------+-------------------------------------------+ | User | Host | Password | +------+----------+-------------------------------------------+ | jeff | 172.16.% | *42EF65913FAC3841BEFC25DBCBBB800364B91853 | +------+----------+-------------------------------------------+ 1 row in set (0.000 sec) MariaDB [mysql]> alter user jeff@'172.16.%' identified with mysql_native_password as '*D02D4C65F4A93325D91DC9E07D45521A8CD2960B'; Query OK, 0 rows affected (0.000 sec) MariaDB [mysql]> select User, Host, Password from user where User = 'jeff'; +------+----------+-------------------------------------------+ | User | Host | Password | +------+----------+-------------------------------------------+ | jeff | 172.16.% | *D02D4C65F4A93325D91DC9E07D45521A8CD2960B | +------+----------+-------------------------------------------+ MariaDB [mysql]> select password('*D02D4C65F4A93325D91DC9E07D45521A8CD2960B'); +-------------------------------------------------------+ | password('*D02D4C65F4A93325D91DC9E07D45521A8CD2960B') | +-------------------------------------------------------+ | *42EF65913FAC3841BEFC25DBCBBB800364B91853 | +-------------------------------------------------------+ I can use SET PASSWORD FOR.... MariaDB [mysql]> set password for jeff@'172.16.%' = '*D02D4C65F4A93325D91DC9E07D45521A8CD2960B'; Query OK, 0 rows affected (0.000 sec) MariaDB [mysql]> select User, Host, Password from user where User = 'jeff'; +------+----------+-------------------------------------------+ | User | Host | Password | +------+----------+-------------------------------------------+ | jeff | 172.16.% | *D02D4C65F4A93325D91DC9E07D45521A8CD2960B | +------+----------+-------------------------------------------+ but as you can see above, i can not use alter user jeff@'172.16.%' identified by 'hash' without using mysql_native_password as 'hashed_password' If this does not have enough info i'm glad to give it. if you can decrypt the hash, bully its not my real password :) Thanks and Best, Jeff