Authentication Profiles
Authentication Profiles provide a centralized way to manage authentication credentials that can be shared across multiple database connections. This feature is particularly useful for modern authentication methods like OAuth2 and OIDC, where credential management can be complex.
Key Benefits
Section titled “Key Benefits”- Credential Reuse: Define authentication once, use across multiple connections
- Centralized Management: Update credentials in one place for all connections
- Secure Storage: Sensitive values stored in VS Code’s secure credential storage
- Modern Auth Support: First-class support for OAuth2, OIDC, and other token-based authentication
- Workspace & Global Scope: Share profiles across your team or keep them personal
Supported Authentication Types
Section titled “Supported Authentication Types”| Type | Description | Documentation |
|---|---|---|
| AWS | AWS credentials via static keys or profiles with SSO support | AWS Guide |
| Command | Execute shell commands to retrieve credentials from external secret managers | Command Guide |
| OAuth2 / OIDC | Token-based authentication with support for Authorization Code and Client Credentials flows | OAuth2 Guide |
| .pgpass File | Use PostgreSQL’s standard password file for authentication | pgpass Guide |
Creating an Authentication Profile
Section titled “Creating an Authentication Profile”From the Authentication Profiles View
Section titled “From the Authentication Profiles View”- Open the DBCode activity bar
- Navigate to the Authentication Profiles section
- Click the + (Create) icon in the view title bar
- Select the authentication type (e.g., OAuth2)
- Fill in the required fields
- Choose storage location for each field:
- Secret Storage: Encrypted, not visible in settings files
- Settings JSON: Visible in settings, suitable for non-sensitive values
- Choose scope:
- User (Global): Available across all workspaces
- Workspace: Only available in current workspace
- Click Save
From a Connection Form
Section titled “From a Connection Form”When creating or editing a connection that supports authentication profiles:
- Find the Authentication section
- Click Create New Profile in the auth profile dropdown
- Complete the profile setup (same as above)
- The new profile will be automatically selected for your connection
Managing Authentication Profiles
Section titled “Managing Authentication Profiles”Editing a Profile
Section titled “Editing a Profile”From the Tree View:
- Right-click the profile → Edit
- Or click the pencil icon
From Command Palette:
- Run DBCode: Edit Auth Profile
- Select the profile to edit
Deleting a Profile
Section titled “Deleting a Profile”From the Tree View:
- Right-click the profile → Delete
- Or click the trash icon
Restrictions:
- Profiles in use by connections cannot be deleted
- Delete or reassign connections first
Viewing Profile Details
Section titled “Viewing Profile Details”Hover over a profile in the tree view to see:
- Profile name
- Authentication type
- Scope (User/Workspace)
Using Authentication Profiles in Connections
Section titled “Using Authentication Profiles in Connections”When creating or editing a connection:
- Look for the Auth Profile dropdown in the connection form
- Select an existing profile, or create a new one
- Save the connection
The connection will use the profile’s credentials for authentication. If the profile uses OAuth2, you’ll be prompted to authenticate via your browser when connecting.
Storage and Security
Section titled “Storage and Security”Secret Storage
Section titled “Secret Storage”Sensitive values (passwords, client secrets, tokens) are stored in VS Code’s secure credential storage:
- macOS: Keychain
- Windows: Credential Manager
- Linux: Secret Service API (gnome-keyring, kwallet)
Settings JSON
Section titled “Settings JSON”Non-sensitive configuration (URLs, client IDs, scopes) can be stored in VS Code settings:
- User Settings:
~/.vscode/settings.jsonor~/Library/Application Support/Code/User/settings.json - Workspace Settings:
.vscode/settings.jsonin your workspace
You control which fields go where when creating or editing a profile.
Best Practices
Section titled “Best Practices”Scope Selection
Section titled “Scope Selection”Use Global (User) scope when:
- Credentials are personal to you
- You connect to the same resources across multiple projects
- The authentication is tied to your user account
Use Workspace scope when:
- Credentials are shared with your team (committed to version control)
- Authentication is specific to a project
- You want to keep work and personal profiles separate
Troubleshooting
Section titled “Troubleshooting””Auth profile not found”
Section titled “”Auth profile not found””Cause: Profile was deleted or moved between scopes
Solutions:
- Recreate the profile or select a different one
- Check if the profile exists in the correct scope (User vs Workspace)
“Profile in use by connections”
Section titled ““Profile in use by connections””Cause: Attempting to delete a profile that’s assigned to connections
Solutions:
- Edit connections using the profile and change their auth method
- Or assign a different profile to those connections