[SECURITY] drivers.xml file should be encrypted

[valentintraen]

Is your feature request related to a problem? Please describe.

When you manually add properties to a driver in dbeaver, they are visible clearly in the drivers.xml file. Several parameters such as password, certificates etc... are sensitive.

Describe the solution you'd like

It would be great to encrypt the drivers.xml file.

[ged-yuko]

But.. drivers' configuration is not intended for connection-specific parameters, like credentials! Driver's configuration applied for all the database connections using this driver including connections of other users! If you want to set specific driver properties for a certain connection, you should use connection-specific driver properties in the corresponding connection's settings, not the global driver properties.

[valentintraen]

When you have hundreds of connections with ldap accounts whose passwords change regularly, you don't really have a choice... :(

[ged-yuko]

So then its about sharing credentials between connections to simplify batch credentials update, not about driver configuration. =)

[valentintraen]

yes absolutely, you choose the way of implementation that seems cleanest to you.

[ged-yuko]

It is not the way of implementation. With respect to the real problem, these are completely different features. DBeaver seems just doesn't cover your specific scenario by default, so to walk around this you used driver configuration to keep authentication parameters, which completely contradicts its purpose. As a result you've come up with a requirement to encrypt intentionally shared piece of configuration, which is available for modifications by design due to its purpose. While the real problem it that you needed completely different feature to fulfill your real needs: to be able to share credentials between connections and get centralized management of these shared credentials.

As far as i can tell from this issue, such a feature might be already available in PRO versions of DBeaver.

[E1izabeth]

Thank you @ged-yuko
You're right, we have such feature in PRO editions. You can read more about it here https://github.com/dbeaver/dbeaver/wiki/Authentication-DBeaver-profile

@valentintraen you can try 14-days trial version https://dbeaver.com/trial/ to check if it's what you need

[valentintraen]

And what about the keyStorePassword propertie ? because as described in the first message, user password is not the only parameter .... (https://dbeaver.com/docs/dbeaver/SSL-Configuration/)

[E1izabeth]

@valentintraen, you can specify all connection parameters, including sensitive ones, in the Connection configuration->Connection settings->Driver properties. Then, they will be stored in connection configuration instead of drivers.xml and will not be shared with all connections.

Drivers configuration is not intended to be secure.

[valentintraen]

Yes, so always problematic if you have several hundred connections and you need to rotate it... Too bad!

[E1izabeth]

We have profiles for such cases