Secret Providers
Note: This feature is available in Lite, Enterprise, Ultimate and Team editions only.
Table of contents
Overview
DBeaver supports cloud-based secret providers from AWS Secrets Manager and HashiCorp Vault.
Before configuring a secret provider in DBeaver, ensure that:
- AWS Secrets Manager or HashiCorp Vault is set up.
You have the necessary access permissions.
Configuring secret provider
- Open Window -> Preferences -> Connections -> Secret providers.
- Click Add.
- Select a provider from the dropdown menu and click OK.
AWS secret provider settings
Fill in the required fields.
Field Description Name Identifier for the secret configuration in DBeaver. Cloud AWS configuration settings. For more details on configuring AWS Cloud in DBeaver, see AWS Cloud Explorer. Region AWS region where secrets are stored. Click OK and Apply and Close to save the configuration.
Vault secret provider settings
Fill in the required fields.
Field Description Name Identifier for the secret configuration in DBeaver. Server URL of the Vault server used to retrieve secrets. Token Authentication token required to access the Vault server. Click OK and Apply and Close to save the configuration.
- Import certificate if required.
Creating a connection
- Start creating a connection
In the Create Connection wizard, go to the Main tab, choose secret provider configuration and enter the secret name in the Secret parameters field.
The secret name must match the name stored in AWS Secrets Manager or HashiCorp Vault:
- For Vault, use the following format
secret/your_secret_name. - For AWS, use
your_secret_name.
- For Vault, use the following format
If the secret doesn’t include all required details (such as the
hostorport), enter them manually in the connection settings.- Click the Test Connection button to verify your settings. If configured correctly, DBeaver will establish a connection using the Secret Provider.
- Click Finish to save the connection.