Secret providers
Note
This feature is available in Lite, Enterprise, Ultimate and Team editions only.
Overview
DBeaver supports cloud-based secret providers from AWS Secrets Manager and HashiCorp Vault.
Before configuring a secret provider in DBeaver, ensure that:
- AWS Secrets Manager or HashiCorp Vault is set up.
- You have the necessary access permissions.
Configuring secret provider
- Open Window -> Preferences -> Connections -> Secret providers.
- Click Add.
- Select a provider from the dropdown menu and click OK.
- Fill in the required fields.
| Field | Description |
|---|---|
| Name | Identifier for the secret configuration in DBeaver. |
| Cloud | AWS configuration settings. For more details on configuration AWS Cloud in DBeaver, see AWS Cloud Explorer. |
| Region | AWS region where secret are stored. |
| Server | URL of the Vault server used to retrieve secrets. |
| Token | Authentication token required to access the Vault server. |
> Available fields depend on the selected provider.
- Click OK and Apply and Close to save the configuration.
- If you're using Vault, import certificate. Skip this step for AWS.
Creating a connection
- Start creating a connection
-
In the Create Connection wizard, go to the Main tab, choose secret provider configuration and enter the secret name in the Secret parameters field.
Info
The secret name must match the name stored in AWS Secrets Manager or HashiCorp Vault:
- For Vault, use the following format
secret/your_secret_name. - For AWS, use
your_secret_name.
- For Vault, use the following format
-
If the secret doesnāt include all required details (such as the
hostorport), enter them manually in the connection settings. - Click the Test Connection button to verify your settings. If configured correctly, DBeaver will establish a connection using the Secret Provider.
- Click Finish to save the connection.