lolcreds

Public credential defaults and exposure patterns for authorized security testing.

DBeaver

DBeaver Corpdatabase3 credentials

Credentials3 documented
01

Database Connection Credential

dbeaver / connection-credential

DBeaver stores database connection definitions in project data-sources files and secured information such as usernames, passwords, secret keys, and other connection secrets in encrypted credentials-config files or global secure storage.

user definedsecretsecret value

Location

config file
~/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json

Default DBeaver project connection and encrypted credential files on Linux and macOS

config file
%APPDATA%\DBeaverData\workspace6\General\.dbeaver\data-sources.json, %APPDATA%\DBeaverData\workspace6\General\.dbeaver\credentials-config.json

Default DBeaver project connection and encrypted credential files on Windows

config file
.dbeaver/data-sources.json, .dbeaver/credentials-config.json, .dbeaver-data-sources.xml, data-sources.xml

Project-local DBeaver connection metadata and legacy connection files

secret store

DBeaver encrypted secure storage, operating-system credential stores, password vaults, and enterprise secret providers

database

Saved JDBC/ODBC connection profiles for database users, service accounts, SSH tunnels, SSL material, and cloud database auth

logs

DBeaver error logs, driver logs, SQL execution logs, exported diagnostics, and support bundles

source code

Exported connection profiles, shared project files, admin-provisioned connection bundles, and migration archives

Notes

DBeaver documentation states that secured information is encrypted in credentials-config.json. The file is still a credential surface because it contains recoverable connection secrets when paired with the user's DBeaver environment or master-password state.

02

Global Secure Storage

dbeaver / global-secure-storage

DBeaver stores global credentials in the DBeaverData secure directory and can protect them with a master password.

user definedsecretsecret value

Location

config file
~/.local/share/DBeaverData/secure/secure_storage, ~/Library/DBeaverData/secure/secure_storage

DBeaver global encrypted credential store on Linux and macOS

config file
%APPDATA%\DBeaverData\secure\secure_storage

DBeaver global encrypted credential store on Windows

secret store

DBeaver secure storage and master-password-protected credential storage

logs

Secure-storage troubleshooting logs and exported support diagnostics

Notes

The secure_storage file is encrypted; no plaintext value regex is added. Scanner value matching should rely on exact product-owned file paths and downstream DBeaver-specific parsing rather than generic password patterns.

03

Database SSH or SSL Private Key

dbeaver / database-private-key

DBeaver connections can reference SSH tunnel keys and database SSL client keys through connection configuration and secure storage.

user definedsecretkey pair

Looks like

pattern
pattern

Private-key header when DBeaver-managed or exported connection material contains an SSH or SSL private key

-----BEGIN (OPENSSH|RSA|EC|DSA|PRIVATE) PRIVATE KEY-----

Location

config file
~/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json
config file
%APPDATA%\DBeaverData\workspace6\General\.dbeaver\data-sources.json, %APPDATA%\DBeaverData\workspace6\General\.dbeaver\credentials-config.json
config file
.dbeaver/data-sources.json, .dbeaver/credentials-config.json
secret store

DBeaver secure storage, operating-system credential stores, and password vaults containing tunnel or SSL key material

logs

SSH tunnel, SSL, JDBC driver, and connection troubleshooting logs

Notes

Generic SSH key files such as ~/.ssh/id_rsa are intentionally not listed; this entry only models DBeaver-owned connection and secure-storage surfaces.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.