Project security
Note: This feature is available in Lite, Enterprise and Ultimate editions only.
Table of contents
Overview
DBeaver provides strong security features to help you manage and protect sensitive connection data within your projects. This includes safely storing credentials and settings for:
- Database server user credentials.
- SSH tunnel user credentials.
- Proxy user credentials.
- AWS SSM parameters.
By default, user names and passwords are stored in the credentials-config.json
file, encrypted with a DES key.
However, this key is not secure as it is publicly available in DBeaver source files, making it possible for unauthorized
third parties to decrypt the file using external software.
Tip: For more secure options, you can read the Security in DBeaver PRO article.
Project password management
You can secure your DBeaver project by setting a Project password, which encrypts the project's configuration.
Setting a Project password
To enable a Project password:
Open the project properties:
- Navigate to File -> Project Security in the main menu.
- Click the Configure icon in the Project Explorer toolbar, then switch to the Project Security tab.
- Press ALT+Enter for Windows/⌘+I for macOS on your Project folder in the Projects view and switch to the Project Security tab.
In the Project Security page, click the Set password button to initiate password setting. You will be prompted to enter and confirm the password.
After setting the password, be sure to click on Apply or Apply and Close to save the changes.
Disabling a Project password
To disable your Project password:
- Access the project properties as outlined in the setting section.
- Click the Clear password button.
- Click on Apply or Apply and Close to save the changes.
- In the confirmation dialog that appears, click Yes to finalize the removal of the project password.
Resetting a forgotten Project password
If you forget your Project password, you can reset it during the login process.
Important: Resetting your password when forgotten will delete all stored database credentials, requiring reconfiguration.
Master password
It is possible to set a Master password for all Projects in a local workspace. The Master password provides an additional layer of security by storing credentials in a secure local storage.
The side effect of using a Master password is that it affects the ability to share projects with complete credentials. If a Master password is enabled, credentials are stored locally and are not included when you export the project.
This means that while you can export a project with all settings, the credentials for connections will not be included if a Master password is active. In contrast, if no Master password is set, exported projects will include the connection credentials.
For more information about the Master password, refer to the Managing Master Password article.