DBeaver Documentation


Project security

Note: This feature is available in Lite, Enterprise, Ultimate and Team editions only.

DBeaver supports local storage for connection secure data. It includes:

  • Database server user credentials
  • SSH tunnel user credentials
  • Proxy user credentials

By default, user names and passwords are stored in the credentials-config.json file, encrypted with a DES key. However, this key is not secure as it is publicly available in DBeaver source files, making it possible for unauthorized third parties to decrypt the file using external software. For more secure options, you can read about security options in DBeaver PRO.

Master password for local configuration

It is possible to set a master password for all projects in a local workspace. Go to Preferences->Database->Security and enable the option Use secure passwords storage. There are several password storage providers (you can see them on page General->Security->Secure Storage), DBeaver Enterprise Password Provider is the default one (in standalone DBeaver). It will ask you to specify master password. DBeaver doesn't store this password anywhere, it only encrypts user credentials in a special local storage. It is not possible to decrypt this password without a password (at least easily).

The side effect of this configuration is that you cannot share your connections (with password) between different users because user credentials are stored in a completely separate location and they are protected by a local user password.

Use Windows Integration password provider

You can disable the default password provider and enable a "Windows Integration" provider. This provider does not need a master password but it uses a randomly generated password stored in a local user secure storage (in Windows). This is easier (as you don't need to remember the master password) but less secure (anybody who has access to your Windows user account will have access to DBeaver's stored credentials).

Project password

You may specify a password for a project. It will encrypt all the project's configurations with this password. Also, you will be able to share your project settings with other users (you will need to pass the project password as well).

In order to enable a project password open the project properties. You can do this by:

  • Clicking on main menu File->Project security
  • Clicking on "Configure" icon in the project explorer view toolbar and switching to the Project Security tab
  • Pressing ALT+Enter on a project element in Projects view and switch to Project Security tab

On the project security page click on the "Set Password" button to enable the project password. Click on Clear to disable it (you will need to enter a current project password to clear it).

Did we resolve your issue?