-
Notifications
You must be signed in to change notification settings - Fork 3
Secret Requirements
dbeaver-devops edited this page Jun 3, 2026
·
2 revisions
Note: This feature is not available in dbvr Community.
This guide explains:
- which fields are read from a secret provider and mapped to connection configuration.
- how to reference a secret by name when creating a datasource.
A secret must contain connection parameters with names and values that match the selected database driver. These values are applied to connection settings at runtime.
Tip: For a step-by-step example, see Set up a secret provider.
reads connection parameters from key-value pairs in a secret and applies them to connection settings. The secret must store data in key-value format.
Important:
- Key names must match driver connection parameter names. For information on driver-specific fields, see your database driver documentation.
- Values from the secret override values entered in the connection configuration.
| Type | Description |
|---|---|
| Connection parameters | Standard connection settings such as host, port, database, or URL. |
| Credentials | Authentication settings such as username and password. |
| Driver properties | Additional parameters supported by the selected database driver. |
Secret:
{
"host": "db.example.com",
"port": 5432,
"user": "admin",
"password": "password"
}Connection settings:
- Host ->
db.example.com - Port ->
5432 - Username ->
admin - Password ->
password
When creating a datasource, pass --secret-manager <id> and --secret-name <name> to
datasource create or datasource update.
The name must match the identifier used in your provider.
- For HashiCorp Vault, use the full secret path (for example,
secret/demo-db). - For AWS Secrets Manager, use the secret name (for example,
my-secret). - For CyberArk Conjur, use the full variable path (for example,
app/dev/db/password).
- Getting started
- Reference
- Commands
- Connection options
- Databases support
- Administration
- About dbvr