-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
# requires pycryptodome lib (pip install pycryptodome) | |
import sys | |
import base64 | |
import os | |
import json | |
from Crypto.Cipher import AES | |
default_paths = [ | |
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
] | |
if len(sys.argv) < 2: | |
for path in default_paths: | |
filepath = os.path.expanduser(path) | |
try: | |
f = open(filepath, 'rb') | |
f.close() | |
break | |
except Exception as e: | |
pass | |
else: | |
filepath = sys.argv[1] | |
print(filepath) | |
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
data = open(filepath, 'rb').read() | |
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
padded_output = decryptor.decrypt(data[16:]) | |
output = padded_output.rstrip(padded_output[-1:]) | |
try: | |
print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
except: | |
print(output) |
Any clue on how to do this the other way around? I have to connect to an RDS DB that needs the password to be updated every 15 minutes. I would like to have a python script that updates the credentials-config.json automatically.
I need the same, any updates on that?
Shouldn't be too hard. If you take a look at the credentials json file, you'll see that you need the connection ID to know which one to update. Knowing that, you can just revert the decryption process (replace decrypt with encrypt, properly append encryption key, take care of padding), replace the encrypted value in the json and overwrite the file.
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2:
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Nice, I always like to have an one-liner solution!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Brilliant! After wasting a few hours trying to figure it out, this just made my day! Thanks!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works on Linux too.
You can also pipe it through jq
to get pretty output by appending | jq
Thanks a lot. That helped!
The script worked great on windows 10.
I have DBeaver installed from the Windows Store, and my path is:
r'C:\Users\[username]\AppData\Local\Packages\DBeaverCorp.DBeaverCE_1b7tdvn0p0f9y\LocalCache\Roaming\DBeaverData\workspace6\General.dbeaver\credentials-config.json'
A few tips for others using windows 10:
If you don't have Python installed, you can open the command line as an Administrator and type:
Python
Click enter and it will open the Windows Store with the Python 3.10 page ready to download
If you need to install pycryptodome then go back to the command line and type:
pip install pycryptodome
Click enter
Thank you very much,
I tested it, and both the python script and the openssl cmd work very well on mac.
I wonder if anyone has the openssl line to encrypt the file?
My flow would be to be able to generate connections from a script that would retrieve the data from AWS SSM.
Thanks very much for the solution.
Is it possible to re-encrypt the modified json, for example I want to update the expired passwords automatically?
Thank you so much, this script saved my day!
Thanks, works for DBeaver 22.3.0 on the Windows platform.
thank you very much) the most necessary script that should be at hand
Amazing, simple and very usefull!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works almost perfectly for me. The one change I had to make was that my workspace was not named General. If you get ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json: No such file or directory
, then do an ls ~/Library/DBeaverData/workspace6
to find your workspace folder, then replace General in the above command.
I had a lot of connections with same DBs and sometimes same usernames, so...
If anyone need a version that gets the configuration of each connection also, I did a fork:
https://gist.github.com/athossampayo/c028acbfe3b9d0aa0ff230d4c9e35c83
thanks, still works
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks
Did not work for dbeaver 23.0.0 🫤
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Piping the result through jq . | less
formats it nicely.
The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.
I need the same, any updates on that?