DBeaver
DBeaver Corpdatabase3 credentials
Database Connection Credential
dbeaver / connection-credential
DBeaver stores database connection definitions in project data-sources files and secured information such as usernames, passwords, secret keys, and other connection secrets in encrypted credentials-config files or global secure storage.
Location
~/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.jsonDefault DBeaver project connection and encrypted credential files on Linux and macOS
%APPDATA%\DBeaverData\workspace6\General\.dbeaver\data-sources.json, %APPDATA%\DBeaverData\workspace6\General\.dbeaver\credentials-config.jsonDefault DBeaver project connection and encrypted credential files on Windows
.dbeaver/data-sources.json, .dbeaver/credentials-config.json, .dbeaver-data-sources.xml, data-sources.xmlProject-local DBeaver connection metadata and legacy connection files
DBeaver encrypted secure storage, operating-system credential stores, password vaults, and enterprise secret providers
Saved JDBC/ODBC connection profiles for database users, service accounts, SSH tunnels, SSL material, and cloud database auth
DBeaver error logs, driver logs, SQL execution logs, exported diagnostics, and support bundles
Exported connection profiles, shared project files, admin-provisioned connection bundles, and migration archives
Notes
DBeaver documentation states that secured information is encrypted in credentials-config.json. The file is still a credential surface because it contains recoverable connection secrets when paired with the user's DBeaver environment or master-password state.
Global Secure Storage
dbeaver / global-secure-storage
DBeaver stores global credentials in the DBeaverData secure directory and can protect them with a master password.
Location
~/.local/share/DBeaverData/secure/secure_storage, ~/Library/DBeaverData/secure/secure_storageDBeaver global encrypted credential store on Linux and macOS
%APPDATA%\DBeaverData\secure\secure_storageDBeaver global encrypted credential store on Windows
DBeaver secure storage and master-password-protected credential storage
Secure-storage troubleshooting logs and exported support diagnostics
Notes
The secure_storage file is encrypted; no plaintext value regex is added. Scanner value matching should rely on exact product-owned file paths and downstream DBeaver-specific parsing rather than generic password patterns.
Database SSH or SSL Private Key
dbeaver / database-private-key
DBeaver connections can reference SSH tunnel keys and database SSL client keys through connection configuration and secure storage.
Looks like
pattern-----BEGIN (OPENSSH|RSA|EC|DSA|PRIVATE) PRIVATE KEY-----Location
~/.local/share/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/data-sources.json, ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json%APPDATA%\DBeaverData\workspace6\General\.dbeaver\data-sources.json, %APPDATA%\DBeaverData\workspace6\General\.dbeaver\credentials-config.json.dbeaver/data-sources.json, .dbeaver/credentials-config.jsonDBeaver secure storage, operating-system credential stores, and password vaults containing tunnel or SSL key material
SSH tunnel, SSL, JDBC driver, and connection troubleshooting logs
Notes
Generic SSH key files such as ~/.ssh/id_rsa are intentionally not listed; this entry only models DBeaver-owned connection and secure-storage surfaces.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.