The vault provides a convenient secure storage for passwords used to access MySQL servers. By using the vault, you need not enter credentials every time MySQL Workbench attempts to connect to a server.
The hostname is used for storing password information. For example, a local connection might use "localhost", "127.0.0.1", or "::1", but these are stored separately in the password storage vault, even if they all resolve to the same place.
The vault is implemented differently on each platform:
Windows: The vault is an encrypted file in the MySQL Workbench
datadirectory. This is where
connections.xmland related files are located. The file is encrypted using a Windows API which performs the encryption based on the current user, so only the current user can decrypt it. As a result it is not possible to decrypt the file on any other computer. It is possible to delete the file, in which case all stored passwords are lost, but MySQL Workbench will otherwise perform as expected. You then must re-enter passwords as required.
macOS: The vault is implemented using the Secure Keychain. The keychain contents is also viewable from the native
Linux: The vault works by storing passwords using the
gnome-keyringdaemon, which must be running for password persistence to work. The daemon is automatically started in GNOME desktops, but normally is not in KDE and others. The
gnome-keyringdaemon stores passwords for MySQL Workbench on non-GNOME platforms, but it must be started manually.