dbeaver

Recover DB password stored in my DBeaver connection


I forgot the password of a dev instance (irresponsible.. yeah, I am working on it). I have the connection saved in my DBeaver with the password. I am still able to connect using that connection. DBeaver is not showing it in plain text. Is there anyway I can retrieve the password? Asking DBA to reset the password is the last resort. I tried to copy paste to a notepad, copying is disabled apparently.


Solution

  • For newer DBeaver ( 6.1.3+ )

    The credential file is located ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json (I was on Mac). I put together a javascript function here https://www.bugdays.com/dbeaver-password-decrypter to decrypt it. Go there and select credentials-config.json file, bugdays will decrypt it and display it. Its purely within client side, there is no server uploading (However its a risky practice)

    Another option is to use one of the scripts from the comments.

    Pre- DBeaver 6.1.3

    Follow these steps (My DBeaver version was 3.5.8 and it was on Mac OsX El Capitan)

    1. Locate the file in which DBeaver stores the connection details. For me, it was in this location ~/.dbeaver/General/.dbeaver-data-sources.xml. This file is hidden, so keep that in mind when you look for it.
    2. Locate your interested Datasource Definition node in that file.
    3. Decrypt the password: Unfortunately, everything is in plain text except password; Password is in some kind of Encrypted form. Decrypt it to plain-text using this tool.

    Original Answer

    I put together a quick and dirty Java program by copying core of DBeaver's method for decrypting the password. Once you have the Encrypted password string, just execute this program, it will convert the password to plain text and prints it

    How to run it

    On Line Number 13, just replace OwEKLE4jpQ== with whatever encrypted password you are finding in .dbeaver-data-sources.xml file for your interested datasource. Compile it and run it, it will print the plain-text password.

    https://github.com/jaisonpjohn/dbeaver-password-retriever/blob/master/SimpleStringEncrypter.java

    Apparently, this is a "Popular" mistake. So I have deployed an AWS lambda function with the aforementioned code. Use this at your own risk, you will never know whether I am logging your password or not

    curl https://lmqm83ysii.execute-api.us-west-2.amazonaws.com/prod/dbeaver-password-decrypter \
    -X POST --data "OwEKLE4jpQ=="
    

    Even better, here is the UI https://bugdays.com/dbeaver-password-decrypter. This goes without saying, use this at your own risk