-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
| # https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
| # requires pycryptodome lib (pip install pycryptodome) | |
| import sys | |
| import base64 | |
| import os | |
| import json | |
| from Crypto.Cipher import AES | |
| default_paths = [ | |
| '~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| ] | |
| if len(sys.argv) < 2: | |
| for path in default_paths: | |
| filepath = os.path.expanduser(path) | |
| try: | |
| f = open(filepath, 'rb') | |
| f.close() | |
| break | |
| except Exception as e: | |
| pass | |
| else: | |
| filepath = sys.argv[1] | |
| print(filepath) | |
| #PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
| PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
| data = open(filepath, 'rb').read() | |
| decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
| padded_output = decryptor.decrypt(data[16:]) | |
| output = padded_output.rstrip(padded_output[-1:]) | |
| try: | |
| print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
| except: | |
| print(output) |
Thanks a lot. That helped!
To run under Windows 10 I had to change the default_paths list to only one path of
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json'as can be seen here:
https://gist.github.com/mi544/7ed65c162f595161531d45d732e509d0
I also had to install pycryptodome instead of pycrypto
pip install pycryptodomeHope it helps!
Still works fine on DBeaver 7.3.1
I couldn't find where I put my DB password, and this script retrieved it for me.
Thank you 👍
amazing script
Thanks, @mi544 !
I can confirm that this works on Windows 10, dbeaver version 7.3.4.
Thanks @mi544, I just updated the script according to your suggestions:
- Add Windows 10 compatibility by adding the credentials config file path used on Windows
- Replaced pycrypto dependency with pycryptodome (pycrypto is no longer maintained pycrypto/pycrypto#301)
Thanks - saved me today.
Worked on:
- Windows 10 64bit 20H2
- DBeaver 21.0.5 64bit
👍
Still works on:
- Windows 10 Pro 64 bit
- Dbeaver 21.1.3
See @mi544's comments above.
Any clue on how to do this the other way around?
I have to connect to an RDS DB that needs the password to be updated every 15 minutes. I would like to have a python script that updates the credentials-config.json automatically.
Gracias!!
Any clue on how to do this the other way around? I have to connect to an RDS DB that needs the password to be updated every 15 minutes. I would like to have a python script that updates the credentials-config.json automatically.
I need the same, any updates on that?
Any clue on how to do this the other way around? I have to connect to an RDS DB that needs the password to be updated every 15 minutes. I would like to have a python script that updates the credentials-config.json automatically.
I need the same, any updates on that?
Shouldn't be too hard. If you take a look at the credentials json file, you'll see that you need the connection ID to know which one to update. Knowing that, you can just revert the decryption process (replace decrypt with encrypt, properly append encryption key, take care of padding), replace the encrypted value in the json and overwrite the file.
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2:
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Nice, I always like to have an one-liner solution!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Brilliant! After wasting a few hours trying to figure it out, this just made my day! Thanks!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works on Linux too.
You can also pipe it through jq to get pretty output by appending | jq
Thanks a lot. That helped!
The script worked great on windows 10.
I have DBeaver installed from the Windows Store, and my path is:
r'C:\Users\[username]\AppData\Local\Packages\DBeaverCorp.DBeaverCE_1b7tdvn0p0f9y\LocalCache\Roaming\DBeaverData\workspace6\General.dbeaver\credentials-config.json'
A few tips for others using windows 10:
If you don't have Python installed, you can open the command line as an Administrator and type:
Python
Click enter and it will open the Windows Store with the Python 3.10 page ready to download
If you need to install pycryptodome then go back to the command line and type:
pip install pycryptodome
Click enter
Thank you very much,
I tested it, and both the python script and the openssl cmd work very well on mac.
I wonder if anyone has the openssl line to encrypt the file?
My flow would be to be able to generate connections from a script that would retrieve the data from AWS SSM.
Thanks very much for the solution.
Is it possible to re-encrypt the modified json, for example I want to update the expired passwords automatically?
Thank you so much, this script saved my day!
Thanks, works for DBeaver 22.3.0 on the Windows platform.
thank you very much) the most necessary script that should be at hand
Amazing, simple and very usefull!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works almost perfectly for me. The one change I had to make was that my workspace was not named General. If you get ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json: No such file or directory, then do an ls ~/Library/DBeaverData/workspace6 to find your workspace folder, then replace General in the above command.
I had a lot of connections with same DBs and sometimes same usernames, so...
If anyone need a version that gets the configuration of each connection also, I did a fork:
https://gist.github.com/athossampayo/c028acbfe3b9d0aa0ff230d4c9e35c83
thanks, still works
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/nullThanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This still working in the current version (7.2.5). Cheers.