The vault provides a convenient secure storage for passwords used to access MySQL servers. By using the vault, you need not enter credentials every time MySQL Workbench attempts to connect to a server.
The host name is used for storing password information. For example, a local connection might use "localhost", "127.0.0.1", or "::1", but these are stored separately in the password storage vault, even if they all resolve to the same place.
The vault is implemented differently on each platform:
Windows: The vault is an encrypted file in the MySQL Workbench
datadirectory. This is where
connections.xmland related files are located. The file is encrypted using a Windows API which performs the encryption based on the current user, so only the current user can decrypt it. As a result it is not possible to decrypt the file on any other computer. It is possible to delete the file, in which case all stored passwords are lost, but MySQL Workbench will otherwise perform as expected. You then must re-enter passwords as required.
macOS: The vault is implemented using the Secure Keychain. The keychain contents is also viewable from the native
Linux: The vault works by storing passwords using the
libsecretlibrary, which communicates with Secret Service. For systems with the GNOME desktop environment, such as Ubuntu, the Secret Service is
gnome-keyring-daemon. Systems with the KDE desktop environment, for example Kubuntu, use their own