Add support to provide password for a connection with an external command

[pergardebrink]

Is your feature request related to a problem? Please describe.
When using AWS RDS IAM Authentication to connect to database server in AWS (MySQL, MariaDB, PostgreSQL), a temporary password can be created using the AWS CLI to connect to databases. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
This means much better security as the passwords are shortlived and generated on demand so that access can easily be revoked without having to change the password.

DBeaver can be used together with this only if you create a custom script and run it through the commandline using a script that generates the temporary password and then opens DBeaver passing this information on the commandline. But this is a quite cumbersome to work with.

Describe the solution you'd like
I would like to have a way to call an external program to retrieve the password before each connect is done. The command should have the database hostname, port and username available, for example as environment variables so it can be called similar to this:

aws rds generate-db-auth-token --profile myaccount-profile --hostname %DB_HOSTNAME% --port %DB_PORT% --username %DB_USERNAME%

The stdout of the command could be used as raw input to be used as a password.

If the password is cached in DBeaver, the expiration should be configurable (AWS RDS IAM credential is valid for 15 minutes).

This feature would not only support AWS RDS IAM Authentication, but potentially other solutions that can generate or retrieve temporary passwords.

Describe alternatives you've considered
Current approach with scripts works, but it's an ugly workflow

Additional context
pgAdmin have this feature (password exec command in the advanced properties of a connection, see here: https://www.pgadmin.org/docs/pgadmin4/8.12/server_dialog.html) and they're doing the improvement on adding environment variables I'm suggesting above as well: pgadmin-org/pgadmin4#6794

[pergardebrink]

I see that this is natively supported in the paid version, so I assume you don't want to implement it?

[Ankit3794]

@pergardebrink, can you pass forward reference of alternative approach with scripts.

I am getting stuck with credentials-config.json as it's encrypted file. and data-sources.json file auth-properties block is getting ignored/removed, once I try to connect from GUI

[E1izabeth]

Yes, PRO version of DBeaver support this. We won't implement it in DBeaver Community