-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
# requires pycryptodome lib (pip install pycryptodome) | |
import sys | |
import base64 | |
import os | |
import json | |
from Crypto.Cipher import AES | |
default_paths = [ | |
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
] | |
if len(sys.argv) < 2: | |
for path in default_paths: | |
filepath = os.path.expanduser(path) | |
try: | |
f = open(filepath, 'rb') | |
f.close() | |
break | |
except Exception as e: | |
pass | |
else: | |
filepath = sys.argv[1] | |
print(filepath) | |
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
data = open(filepath, 'rb').read() | |
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
padded_output = decryptor.decrypt(data[16:]) | |
output = padded_output.rstrip(padded_output[-1:]) | |
try: | |
print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
except: | |
print(output) |
Thanks very much for the solution.
Is it possible to re-encrypt the modified json, for example I want to update the expired passwords automatically?
Thank you so much, this script saved my day!
Thanks, works for DBeaver 22.3.0 on the Windows platform.
thank you very much) the most necessary script that should be at hand
Amazing, simple and very usefull!
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works almost perfectly for me. The one change I had to make was that my workspace was not named General. If you get ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json: No such file or directory
, then do an ls ~/Library/DBeaverData/workspace6
to find your workspace folder, then replace General in the above command.
I had a lot of connections with same DBs and sometimes same usernames, so...
If anyone need a version that gets the configuration of each connection also, I did a fork:
https://gist.github.com/athossampayo/c028acbfe3b9d0aa0ff230d4c9e35c83
thanks, still works
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks
Did not work for dbeaver 23.0.0 🫤
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Piping the result through jq . | less
formats it nicely.
The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.
Thank you very much,
I tested it, and both the python script and the openssl cmd work very well on mac.
I wonder if anyone has the openssl line to encrypt the file?
My flow would be to be able to generate connections from a script that would retrieve the data from AWS SSM.