diff --git a/docker/mariadb/Dockerfile.j2 b/docker/mariadb/Dockerfile.j2
index fbc699290e..a840d9b8da 100644
--- a/docker/mariadb/Dockerfile.j2
+++ b/docker/mariadb/Dockerfile.j2
@@ -29,6 +29,8 @@ RUN apt-get install -y --no-install-recommends \
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+COPY security_reset.expect /usr/local/bin/kolla_security_reset
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+    && chmod 755 /usr/local/bin/kolla_security_reset
 
 {{ include_footer }}
diff --git a/docker/mariadb/extend_start.sh b/docker/mariadb/extend_start.sh
index 6fa4506758..8a8699b886 100644
--- a/docker/mariadb/extend_start.sh
+++ b/docker/mariadb/extend_start.sh
@@ -5,26 +5,7 @@ function bootstrap_db {
 
     # Waiting for deamon
     sleep 10
-    expect -c '
-    set timeout 10
-    spawn mysql_secure_installation
-    expect "Enter current password for root (enter for none):"
-    send "\r"
-    expect "Set root password?"
-    send "y\r"
-    expect "New password:"
-    send "'"${DB_ROOT_PASSWORD}"'\r"
-    expect "Re-enter new password:"
-    send "'"${DB_ROOT_PASSWORD}"'\r"
-    expect "Remove anonymous users?"
-    send "y\r"
-    expect "Disallow root login remotely?"
-    send "n\r"
-    expect "Remove test database and access to it?"
-    send "y\r"
-    expect "Reload privilege tables now?"
-    send "y\r"
-    expect eof'
+    kolla_security_reset
 
     mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
     mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
diff --git a/docker/mariadb/security_reset.expect b/docker/mariadb/security_reset.expect
new file mode 100644
index 0000000000..7c720136ff
--- /dev/null
+++ b/docker/mariadb/security_reset.expect
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn mysql_secure_installation
+expect "Enter current password for root (enter for none):"
+send "\r"
+expect "Set root password?"
+send "y\r"
+expect "New password:"
+send "$env(DB_ROOT_PASSWORD)\r"
+expect "Re-enter new password:"
+send "$env(DB_ROOT_PASSWORD)\r"
+expect "Remove anonymous users?"
+send "y\r"
+expect "Disallow root login remotely?"
+send "n\r"
+expect "Remove test database and access to it?"
+send "y\r"
+expect "Reload privilege tables now?"
+send "y\r"
+expect eof