MySQL Workbench
The vault provides a convenient secure storage for passwords used to access MySQL servers. By using the vault, you need not enter credentials every time MySQL Workbench attempts to connect to a server.
The host name is used for storing password information. For example, a local connection might use "localhost", "127.0.0.1", or "::1", but these are stored separately in the password storage vault, even if they all resolve to the same place.
The vault is implemented differently on each platform:
Windows: The vault is an
encrypted file in the MySQL Workbench data
directory. This is where connections.xml
and related files are located. The file is encrypted using a
Windows API which performs the encryption based on the current
user, so only the current user can decrypt it. As a result it
is not possible to decrypt the file on any other computer. It
is possible to delete the file, in which case all stored
passwords are lost, but MySQL Workbench will otherwise perform as
expected. You then must re-enter passwords as required.
macOS: The vault is
implemented using the Secure Keychain. The keychain content is
also viewable from the native Keychain
Access.app
utility.
Linux: The vault works by
storing passwords using the libsecret
library, which communicates with Secret Service. For systems
with the GNOME desktop environment, such as Ubuntu, the Secret
Service is gnome-keyring-daemon
. Systems
with the KDE desktop environment, for example Kubuntu, use
their own ksecretservice
implementation.