MySQL Workbench Manual  /  ...  /  The Password Storage Vault

5.3.9 The Password Storage Vault

The vault provides a convenient secure storage for passwords used to access MySQL servers. By using the vault, you need not enter credentials every time MySQL Workbench attempts to connect to a server.


The host name is used for storing password information. For example, a local connection might use "localhost", "", or "::1", but these are stored separately in the password storage vault, even if they all resolve to the same place.

The vault is implemented differently on each platform:

  • Windows: The vault is an encrypted file in the MySQL Workbench data directory. This is where connections.xml and related files are located. The file is encrypted using a Windows API which performs the encryption based on the current user, so only the current user can decrypt it. As a result it is not possible to decrypt the file on any other computer. It is possible to delete the file, in which case all stored passwords are lost, but MySQL Workbench will otherwise perform as expected. You then must re-enter passwords as required.

  • macOS: The vault is implemented using the Secure Keychain. The keychain content is also viewable from the native Keychain utility.

  • Linux: The vault works by storing passwords using the libsecret library, which communicates with Secret Service. For systems with the GNOME desktop environment, such as Ubuntu, the Secret Service is gnome-keyring-daemon. Systems with the KDE desktop environment, for example Kubuntu, use their own ksecretservice implementation.