Security in CloudBeaver
- Authentication
- Access management
- Connection network options
- Network and security settings
- Additional security options
In CloudBeaver, you can manage security and access on several levels.
These settings let you control how users sign in, who can access the system, how database connections are secured, and
how the server is protected on the network.
You can configure:
- Authentication - sign-in methods for users
- Access management - permissions and policies for accounts and teams
- Connection network options - encryption and tunnels for database connections
- Network and security settings - domains, proxies, certificates, and secure storage
- Additional security options - password recovery, credentials storage, provisioning, and restrictions
Configure how users sign in. Choose local accounts, enterprise identity providers, or cloud-specific services.
- Anonymous access
- Local authentication
- LDAP
- SAML
- OpenID
- NTLM
- JWT
- AWS IAM
- Microsoft Entra ID, and others
See Authentication methods for a full overview.
CloudBeaver can protect against brute force attacks on both application login and database connections.
- Login protection - block users after several failed login attempts
- Connection protection - temporarily block the ability to connect after repeated failed attempts (for example, wrong database password)
For more details, see Password policy
Control who can sign in and what they can do. Enforce password rules, assign permissions, and organize users into teams.
Secure database connections at the connection level. Enable SSL, set up SSH tunnels, and manage keys.
- SSL configuration - encrypt traffic with CA-signed or self-signed certificates
- SSH configuration - protect connections with SSH tunnels and key authentication
Manage how the server is exposed on the network. Configure domains, proxies, TLS, and secure storage for sensitive data.
| Setting | Description | Reference |
|---|---|---|
| Domain manager | Configure a custom domain, and apply SSL certificates | Domain manager |
| Reverse proxy | Control and filter incoming traffic, enable auth via headers, offload TLS, enforce HTTPS, and configure multiple server URLs | Proxy configuration |
| Secret management | Store and retrieve credentials from providers like AWS Secrets or Vault | Secret providers |
| Java security properties | Override default JVM crypto properties for compliance and security policies | Java security properties |
CloudBeaver also provides extra security features that complement authentication, access control, and connection settings.
| Setting | Description | Reference |
|---|---|---|
| Password recovery | Restore access if the main password is lost | Admin password recovery |
| User credentials storage | Control how saved credentials are stored and protected | User credentials storage |
| Pre-configured permissions | Define default permissions for new database connections | Pre-configured permissions |
| User provisioning | Automate account creation and updates with provisioning systems | Provisioning users |
| Proxy header authentication | Authenticate users via trusted reverse proxy headers | Reverse proxy header authentication |
- Getting started
- Create connection
- Connection network options
- Supported databases
-
Drivers management
- Database authentication methods
- Database navigator
- Properties editor
- Data editor
- SQL editor
-
Entity relation diagrams
- Cloud services
-
AI Smart assistance
- Data transfer
- General user guide
- Administration
- Server configuration
-
Server security and access configuration
- Authentication methods
- Access management
- Proxy configuration
-
Secret management
- Logs
-
Query manager
- Workspace location
- Command line parameters
-
Session manager
- Deployment options
- CloudBeaver Editions
- FAQ
- Development