Skip to content

secret manager

dbeaver-devops edited this page Jun 2, 2026 · 2 revisions

Note: This feature is available in dbvr Pro only.

Table of contents

secret-manager - manage secret manager configurations in dbvr.

Synopsis

dbvr secret-manager [-hV] [COMMAND]

Tip: You can also use global options with this command.

Description

By default, database credentials are stored in the workspace configuration. Secret managers let you avoid that - instead of putting passwords into config files, dbvr fetches them from an external secrets service at runtime. This keeps credentials out of the workspace and makes it easier to rotate them without updating datasource configurations.

Supported secret managers:

Secret manager Description Documentation
AWS Secrets Manager Managed service from AWS for storing and retrieving secrets securely. Requires IAM permissions. AWS documentation
AWS Systems Manager Parameter Store AWS service for storing configuration data and secrets. Integrates with IAM and supports encryption via KMS. AWS documentation
HashiCorp Vault Open-source tool for managing secrets and protecting sensitive data. Supports fine-grained access control. HashiCorp documentation
CyberArk Enterprise-grade security platform designed for managing privileged access and secrets. CyberArk documentation

Before configuring a secret provider in dbvr, ensure that:

  • Secret provider is set up.
  • You have the necessary access permissions.

To use a secret manager with a datasource, pass --secret-manager and --secret-name to datasource create or datasource update.

You can create, update, view, list, or delete secret manager configurations from the command line.

Commands

  • create

    Create a new secret manager configuration.

  • update

    Update an existing secret manager configuration.

  • delete

    Delete a secret manager configuration.

  • list

    List all configured secret managers.

  • view

    View the full configuration of a specific secret manager.

Clone this wiki locally