Managing Master Password
Note: This feature is available in Lite, Enterprise and Ultimate editions only.
Table of contents
Overview
The Master password feature strengthens the security of DBeaver by encrypting credentials and sensitive data using a secure storage system.
When you use the Master password feature:
- Isolated Security: Connection details cannot be shared with other users because credentials are securely stored in an encrypted, user-specific location.
- Individual Protection: Each set of credentials is safeguarded by the local user's own the Master password, ensuring personalized security.
Project Specificity: Connections with passwords can't be shared across users in projects because of the secure, user-specific storage. For more details, see Project Security article.
Security considerations
Secure storage is designed with security prioritization, which has certain trade-offs:
- Non-Portability: The approach does not support the portability or sharing of configurations among a team of developers, which is mainly due to the OS-specific nature of password storage.
User-Specific Encryption: The Master Password secures data by locking it to your specific device.
Encrypted data
DBeaver requires the Master password in these cases:
- Connecting to databases: When you connect to a database with saved credentials.
- Editing connections: If you open a connection's settings and it includes credentials.
- Using Cloud Explorer or Cloud Storage: The Master Password is necessary for any cloud setup.
- Using Git: To secure your Git credentials with encryption.
- Setting up email profiles or editing email tasks: When setting up or changing email settings for tasks (like notifications), if those credentials are encrypted.
Using Tableau: The Master Password is necessary for connecting or publishing data to Tableau.
Configuring Master Password
To set up the Master Password in DBeaver:
- Go to Window -> Preferences -> General -> Security and click Change password.
- (Alternatively) When you first attempt to save secure data - DBeaver will prompt you to set up a Master Password.
Once the Master Password provider is selected, you can manage secure storage with the following options:
Button | Description |
---|---|
Change password | If a Master password has not been set, this option initiates the process of creating one. If a Master password is already in place, it allows for changing to a new master password. |
Recover password | Available after setting a Master password, this feature uses password hints and recovery questions to help recover a forgotten master password. |
Important: DBeaver does not store the Master Password. If both the password and password hints are forgotten, the Master Password cannot be recovered or reset.
Setting a password hint
When creating a Master password, it is recommended to set up a password hint. This hint will assist you if you need to recover your password.
When prompted, select Yes to provide a password hint after creating a Master password.
Enter a hint that will help you remember the password without revealing it directly.
Changing the Master password
To change the Master password, follow these steps:
- In the Security tab, click on the Change Password button
- Follow prompts to change the Master Password.
Important: When you change your Master password, the old one cannot be viewed or retrieved after recovery. Ensure you remember your new password or write it down in a secure place.
Recovering the Master Password
If you've forgotten your Master Password, you can attempt to recover it by following these steps:
- In the Security settings, click Recover password.
Answer the security questions that were set up during the hint setup (if available).
Note:
- The questions and answers are case-sensitive.
- Treat the answers as secondary passwords; they should be kept confidential and secure.
After successfully answering the questions, you’ll see a confirmation message: "The 'master' password has been successfully recovered and is cached in memory.".
Use this recovery process as a secure backup if you forget your Master Password. However, if you didn’t set up security questions initially, password recovery won’t be available.
Once recovered, you can:
- Change the Master Password by selecting Change password.
Delete the Master Password by selecting Delete password.
Deleting the Master Password
Warning: Be aware that deleting the Master password will result in the loss of all saved credentials.
- Go to Window -> Preferences -> General -> Security.
- Click See what secured data was saved -> Delete.
- Confirm the action when prompted.
- Restart DBeaver for the changes to take effect.
Administrator configuration of Master password policy
Administrators can customize various aspects of the Master password policy. This includes setting the minimum length of the password, the minimum count of letters, digits, and symbols required, and the enforcement of mixed case (uppercase and lowercase letters) in the Master password. For detailed instructions on configuring these settings, please refer to the Admin Preference Restrictions article.
Note: Currently, this functionality is limited to Windows users and is only accessible through the Windows Registry.