Remove credentials from JDBC connection strings

[Copilot]

Description

JDBC connection strings now omit user and password parameters. Credentials are provided exclusively via separate Username and Password connection properties exposed as environment variables.

Breaking Change: Applications parsing JDBC connection strings to extract credentials will break. Use the individual connection properties instead:

// Before: jdbc:postgresql://localhost:5432/db?user=postgres&password=secret
// After:  jdbc:postgresql://localhost:5432/db
//         Username available via POSTGRES_USERNAME env var
//         Password available via POSTGRES_PASSWORD env var

Changes by Database Provider

PostgreSQL

• jdbc:postgresql://{Host}:{Port}[/{Database}]?user={Username}&password={Password} → jdbc:postgresql://{Host}:{Port}[/{Database}]

MySQL

• jdbc:mysql://{Host}:{Port}[/{Database}]?user={Username}&password={Password} → jdbc:mysql://{Host}:{Port}[/{Database}]

SQL Server

• jdbc:sqlserver://{Host}:{Port};user={Username};password={Password};trustServerCertificate=true[;databaseName={Database}] → jdbc:sqlserver://{Host}:{Port};trustServerCertificate=true[;databaseName={Database}]

Oracle

• jdbc:oracle:thin:{Username}/{Password}@//{Host}:{Port}[/{Database}] → jdbc:oracle:thin:@//{Host}:{Port}[/{Database}]

Modified Components

• Resource classes: MySqlServerResource, PostgresServerResource, SqlServerServerResource, OracleDatabaseServerResource and their database child resources
• Documentation: READMEs, connection-properties.md spec, agent documentation
• Tests: ConnectionPropertiesTests for all four database providers

Fixes #<issue_number>

Checklist

• Is this feature complete?
  • Yes. Ready to ship.
  • No. Follow-up changes expected.
• Are you including unit tests for the changes and scenario tests if relevant?
  • Yes
  • No
• Did you add public API?
  • Yes
    • If yes, did you have an API Review for it?
      • Yes
      • No
    • Did you add <remarks /> and <code /> elements on your triple slash comments?
      • Yes
      • No
  • No
• Does the change make any security assumptions or guarantees?
  • Yes
    • If yes, have you done a threat model and had a security review?
      • Yes
      • No
  • No
• Does the change require an update in our Aspire docs?
  • Yes
    • Link to aspire-docs issue: TBD (breaking change - JDBC format changes for all database providers)
  • No

Original prompt

Objective:
Remove user and password query parameters or inline options from all JDBC connection strings across all database server resources (MySQL, PostgreSQL, SQL Server, Oracle, etc.), and update the code to provide these values as explicit connection properties instead. Ensure documentation, code comments, and tests reflect this change.

Tasks:

1. Refactor JDBC Connection String Logic:

   • For each relevant resource (MySqlServerResource, PostgresServerResource, SqlServerServerResource, OracleDatabaseServerResource, etc.), update the JDBC connection string builder method to:
     • Remove user and password parameters from the generated JDBC connection string expression.
     • Ensure those credentials are available as individual properties (e.g., Username, Password) in the connection properties/dictionary.
   • Update API documentation comments for each affected method/property to show new connection string format and explain how credentials are provided.

2. Update Documentation:

   • Revise all relevant README files and documentation sources (src/Aspire.Hosting.*/*README.md, root README.md, etc.)
     • Clearly document that JDBC connection strings will no longer include user/password, and credentials must be provided as individual connection properties.
     • Update connection string format examples accordingly.
     • Add a note about backward incompatibility, if appropriate.

3. Update Dashboard and Related Tools:

   • Update connection string parsers and any part of the dashboard that expect user/password in the JDBC connection string.
   • Ensure environment variable and configuration propagation logic still exposes user/password properties as before.

4. Update and Add Tests:

   • Change or create tests in all affected providers to check the new JDBC connection string format.
   • Add test coverage to ensure user/password are not present in JDBC connection string, but are available in the properties.

5. Review API surface for breaking changes:

   • Consider surface area changes for public API and highlight any breaking changes in the PR description if necessary.

Acceptance:

• No JDBC connection string includes user or password.
• All required documentation and code comments reflect new pattern.
• Properties for user and password are exposed on the connection properties collection, and documented for consumers.
• All tests for connection string formatting and property exposure pass.
• Dashboard, environment variables, and config remain functional with new split format.
• PR description summarizes all changes and docs updated locations/reasoning.

This pull request was created as a result of the following prompt from Copilot chat.

Objective:
Remove user and password query parameters or inline options from all JDBC connection strings across all database server resources (MySQL, PostgreSQL, SQL Server, Oracle, etc.), and update the code to provide these values as explicit connection properties instead. Ensure documentation, code comments, and tests reflect this change.

Tasks:

1. Refactor JDBC Connection String Logic:

   • For each relevant resource (MySqlServerResource, PostgresServerResource, SqlServerServerResource, OracleDatabaseServerResource, etc.), update the JDBC connection string builder method to:
     • Remove user and password parameters from the generated JDBC connection string expression.
     • Ensure those credentials are available as individual properties (e.g., Username, Password) in the connection properties/dictionary.
   • Update API documentation comments for each affected method/property to show new connection string format and explain how credentials are provided.

2. Update Documentation:

   • Revise all relevant README files and documentation sources (src/Aspire.Hosting.*/*README.md, root README.md, etc.)
     • Clearly document that JDBC connection strings will no longer include user/password, and credentials must be provided as individual connection properties.
     • Update connection string format examples accordingly.
     • Add a note about backward incompatibility, if appropriate.

3. Update Dashboard and Related Tools:

   • Update connection string parsers and any part of the dashboard that expect user/password in the JDBC connection string.
   • Ensure environment variable and configuration propagation logic still exposes user/password properties as before.

4. Update and Add Tests:

   • Change or create tests in all affected providers to check the new JDBC connection string format.
   • Add test coverage to ensure user/password are not present in JDBC connection string, but are available in the properties.

5. Review API surface for breaking changes:

   • Consider surface area changes for public API and highlight any breaking changes in the PR description if necessary.

Acceptance:

• No JDBC connection string includes user or password.
• All required documentation and code comments reflect new pattern.
• Properties for user and password are exposed on the connection properties collection, and documented for consumers.
• All tests for connection string formatting and property exposure pass.
• Dashboard, environment variables, and config remain functional with new split format.
• PR description summarizes all changes and docs updated locations/reasoning.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 12712

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 12712"

[Copilot]

Pull Request Overview

This PR removes user credentials from JDBC connection strings across all database resources (SQL Server, PostgreSQL, MySQL, Oracle). The JDBC connection strings now only contain the base connection URL, with credentials provided separately via Username and Password connection properties.

Key changes:

• JDBC connection strings simplified to exclude embedded credentials (username/password)
• All affected code, tests, documentation, and manifest files updated consistently
• XML documentation enhanced with explanatory notes about accessing credentials separately

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/Aspire.Hosting.SqlServer/SqlServerServerResource.cs	Removed user/password from JDBC string builder, moved trustServerCertificate before database name
src/Aspire.Hosting.SqlServer/SqlServerDatabaseResource.cs	Updated XML documentation to reflect new format without credentials
src/Aspire.Hosting.SqlServer/README.md	Updated documentation tables with new JDBC format and credential access explanation
src/Aspire.Hosting.PostgreSQL/PostgresServerResource.cs	Removed user/password query parameters from JDBC string builder
src/Aspire.Hosting.PostgreSQL/PostgresDatabaseResource.cs	Updated XML documentation with new format and GetConnectionProperties reference
src/Aspire.Hosting.PostgreSQL/README.md	Updated documentation tables with new JDBC format
src/Aspire.Hosting.Oracle/OracleDatabaseServerResource.cs	Removed user/password from JDBC thin client connection string
src/Aspire.Hosting.Oracle/OracleDatabaseResource.cs	Updated XML documentation with GetConnectionProperties reference
src/Aspire.Hosting.Oracle/README.md	Updated documentation tables with new JDBC format
src/Aspire.Hosting.MySql/MySqlServerResource.cs	Removed user/password query parameters from JDBC string builder
src/Aspire.Hosting.MySql/MySqlDatabaseResource.cs	Updated XML documentation with GetConnectionProperties reference
src/Aspire.Hosting.MySql/README.md	Updated documentation tables with new JDBC format
tests/Aspire.Hosting.Tests/ManifestGenerationTests.cs	Updated expected JDBC connection string in snapshot test
tests/Aspire.Hosting.SqlServer.Tests/ConnectionPropertiesTests.cs	Updated test assertions to match new JDBC format
tests/Aspire.Hosting.PostgreSQL.Tests/ConnectionPropertiesTests.cs	Updated test assertions to match new JDBC format
tests/Aspire.Hosting.Oracle.Tests/ConnectionPropertiesTests.cs	Updated test assertions to match new JDBC format
tests/Aspire.Hosting.MySql.Tests/ConnectionPropertiesTests.cs	Updated test assertions to match new JDBC format
playground/mysql/MySqlDb.AppHost/aspire-manifest.json	Updated manifest snapshot with new JDBC connection strings
docs/specs/connection-properties.md	Updated specification with new JDBC formats and explanatory note
.github/agents/connectionproperties.agent.md	Updated agent documentation with new JDBC format

[davidfowl]

@sebastienros do we need to backport this?

[sebastienros]

@davidfowl yes, that's why I extracted it from the other PR. Validated with Java app (postgres, including azure)

[sebastienros]

/backport to release/13.0

[github-actions]

Started backporting to release/13.0: https://github.com/dotnet/aspire/actions/runs/19121676215