The Master password feature strengthens the security of DBeaver by encrypting credentials and sensitive data using a secure storage system.
When you use the Master password feature:
- Isolated Security: Connection details cannot be shared with other users because credentials are securely stored in an encrypted, user-specific location.
- Individual Protection: Each set of credentials is safeguarded by the local user’s own the Master password, ensuring personalized security.
- Project Specificity: Connections with passwords can’t be shared across users in projects because of the secure, user-specific storage. For more details, see Project Security article
ecurity considerations
Secure storage is designed with security prioritization, which has certain trade-offs:
- Non-Portability: The approach does not support the portability or sharing of configurations among a team of developers, which is mainly due to the OS-specific nature of password storage.
- User-Specific Encryption: The Master Password secures data by locking it to your specific device.
Encrypted data
DBeaver requires the Master password in these cases:
- Connecting to databases: When you connect to a database with saved credentials.
- Editing connections: If you open a connection’s settings and it includes credentials.
- Using Cloud Explorer or Cloud Storage: The Master Password is necessary for any cloud setup.
- Using Git: To secure your Git credentials with encryption.
- Setting up email profiles or editing email tasks: When setting up or changing email settings for tasks (like notifications), if those credentials are encrypted.
- Using Tableau: The Master Password is necessary for connecting or publishing data to Tableau.
- Using AI features: To store and encrypt your AI access token.
To set up the Master Password in DBeaver:
- Go to Window -> Preferences -> General -> Security and click Change password.
- (Alternatively) When you first attempt to save secure data – DBeaver will prompt you to set up a Master Password.
