pgadmin-org
"Failed to decrypt the saved password" for saved connections on Ubuntu
Please note that security bugs or issues should be reported to [email protected].
Describe the bug
Passwords of DB does not preserved in storage.
When i try to connect to saved DB i enter SSH password and then i got error
Failed to decrypt the saved password.
Error: 'utf-8' codec can't decode byte 0x90 in position 0: invalid start byte
and have to insert both passwords of SSH and of DB.
To Reproduce
Steps to reproduce the behavior:
- Create a new connection to remote DB over SSH with non-standard port
- Enable "Use SSH tunneling", enter host/port/username, select "Identity file" with encryption and pass an SSH password
- Check "save password" of DB (not for SSH, it's unavailable)
- Save connection. Ensure you have connected successfully
- Close app
- Open app. No any keyring requests to enter master password appears
- Try to connect to created server. Appears popup "Please enter the SSH Tunnel password for the identity file". Enter SSH password Expected behavior
Connected to remote DB over SSH with saved password
Error message
Failed to decrypt the saved password.
Error: 'utf-8' codec can't decode byte 0xb9 in position 0: invalid start byte
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: Ubuntu 24.04.2 LTS, Linux-6.8.0-55-generic-x86_64-with-glibc2.39
- Version: 9.1
- Mode: Desktop
- Browser (if running in server mode): [e.g. chrome, safari]
- Package type: DEB (installed with apt)
Additional context
I tried to remove all related directories with configs and completely delete package and install again. It does not work for me
@vitonsky Can you please try clearing server password from context option of the same server? Then try saving it again and connecting to it. Keyring request will happen internally.
@yogeshmahajan-1903 just tried, bug still reproduces.
- I clicked "Clear Saved Password"
- Then tried to connect and enter 2 passwords (SSH and DB) + clicked "Save password" for DB password
- Connected successfully
- Click to disconnect
- Disconnected successfully
- Click to connect
- Only SSH password has been requested. Connected successfully
- I close app and reopen
- Trying to connect. Requested SSH password, i enter
- After 1-2 seconds awaiting i got the same error as on screenshot above (request to enter both passwords)
@vitonsky I am not able to reproduce the issue. Do you have any special character which beyond UTF-8 encoding in the password? Can you please try steps below - 1.Locate the application - 'Passwords& keys'. 2.Locate Default section in password. 3.Search for entry - 'pgadmin4-master-password' and delete it. 4.Restart the application and try again.
@yogeshmahajan-1903 hi, I use long string of ASCII-only chars.
What is "Passwords& keys" and how to locate it?
@vitonsky Search the application 'Passwords& keys' where you search the pgadmin.
@yogeshmahajan-1903 i don't understand your instructions.
I use pgAdmin on Ubuntu with KDE. I have no 'Passwords& keys'. Also i don't see any options like this in pgAdmin.
@yogeshmahajan-1903 i don't understand your instructions.
I use pgAdmin on Ubuntu with KDE. I have no 'Passwords& keys'. Also i don't see any options like this in pgAdmin.
pgAdmin uses native secret storage application( e..g keychain in Mac,Passwords& keys in Ubuntu.) This is a separate application just like pgadmin, terminal etc. By googling I found for KDE it is 'KDE Wallet'.
@yogeshmahajan-1903 i just checked KDE Wallet, there are no any entries related to pgAdmin.
Moreover, whhen i open pgAdmin, no any activity with KDE wallet happens. It looks the problem is on pgAdmin side, since if i trying to start Minecraft launcher for example, it automatically opens keyring unlike pgAdmin.
@vitonsky 1.Do you have config_system/py/config_local.py through which pgadmin settings are modified? 2.Did you get the pop up to enter master password anytime? 3.Can you please share pgadmin logs?
Also OS is ubuntu, hence it should have KDE wallet.(Not sure how keyring is being opened for other application)
Do you have config_system/py/config_local.py through which pgadmin settings are modified?
I don't know what is this and how to find it. I may check if you explain how to.
Did you get the pop up to enter master password anytime?
No. I think this is root cause. I tried to re-install pgAdmin and whole data, then added servers again, but it did not fixed a problem.
I've got this popup once, few months ago, and then it never appears anymore.
Can you please share pgadmin logs?
That is my logs after trying to connect
pgAdmin Runtime Environment
--------------------------------------------------------
Python Path: "/usr/pgadmin4/venv/bin/python3"
Runtime Config File: "/home/vitonsky/.config/pgadmin4/config.json"
Webapp Path: "/usr/pgadmin4/web/pgAdmin4.py"
pgAdmin Command: "/usr/pgadmin4/venv/bin/python3 -s /usr/pgadmin4/web/pgAdmin4.py"
Environment:
- HOME: /home/vitonsky
- LANG: en_GB.UTF-8
- LC_ADDRESS: en_GB.UTF-8
- LC_IDENTIFICATION: en_GB.UTF-8
- LC_MEASUREMENT: en_150.UTF-8
- LC_MONETARY: en_US.UTF-8
- LC_NAME: en_GB.UTF-8
- LC_NUMERIC: en_GB.UTF-8
- LC_PAPER: en_GB.UTF-8
- LC_TELEPHONE: en_GB.UTF-8
- LC_TIME: en_150.UTF-8
- LOGNAME: vitonsky
- SHELL: /bin/bash
- USER: vitonsky
- XDG_DATA_DIRS: /usr/share/plasma:/usr/share/gnome:/home/vitonsky/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share:/var/lib/snapd/desktop
- XDG_RUNTIME_DIR: /run/user/1000
- GTK_MODULES: gail:atk-bridge
- QT_ACCESSIBILITY: 1
- QTWEBENGINE_DICTIONARIES_PATH: /usr/share/hunspell-bdic/
- GSK_RENDERER: gl
- CLUTTER_IM_MODULE: ibus
- DBUS_SESSION_BUS_ADDRESS: unix:path=/run/user/1000/bus
- DEBUGINFOD_URLS: https://debuginfod.ubuntu.com
- DESKTOP_SESSION: plasma
- DISPLAY: :0
- GPG_AGENT_INFO: /run/user/1000/gnupg/S.gpg-agent:0:1
- GSM_SKIP_SSH_AGENT_WORKAROUND: true
- GTK2_RC_FILES: /etc/gtk-2.0/gtkrc:/home/vitonsky/.gtkrc-2.0:/home/vitonsky/.config/gtkrc-2.0
- GTK_IM_MODULE: ibus
- GTK_RC_FILES: /etc/gtk/gtkrc:/home/vitonsky/.gtkrc:/home/vitonsky/.config/gtkrc
- ICEAUTHORITY: /run/user/1000/iceauth_xeRbHJ
- KDE_APPLICATIONS_AS_SCOPE: 1
- KDE_FULL_SESSION: true
- KDE_SESSION_UID: 1000
- KDE_SESSION_VERSION: 5
- LANGUAGE: en_GB:en_US:ru
- LIBVIRT_DEFAULT_URI: qemu:///system
- PWD: /home/vitonsky
- QT_AUTO_SCREEN_SCALE_FACTOR: 0
- QT_IM_MODULE: ibus
- QT_SCREEN_SCALE_FACTORS: DP-0=1;DP-1=1;DP-2=1;DP-3=1;HDMI-0=1;DP-4=1;eDP-1-1=1;
- SESSION_MANAGER: local/laptop:@/tmp/.ICE-unix/3110,unix/laptop:/tmp/.ICE-unix/3110
- SSH_AGENT_PID: 2835
- SSH_AUTH_SOCK: /tmp/ssh-2ONH1VVg2psB/agent.2700
- XAUTHORITY: /tmp/xauth_qYNAyH
- XCURSOR_SIZE: 24
- XCURSOR_THEME: breeze_cursors
- XDG_CONFIG_DIRS: /home/vitonsky/.config/kdedefaults:/etc/xdg/xdg-plasma:/etc/xdg
- XDG_CURRENT_DESKTOP: KDE
- XDG_SEAT: seat0
- XDG_SEAT_PATH: /org/freedesktop/DisplayManager/Seat0
- XDG_SESSION_CLASS: user
- XDG_SESSION_DESKTOP: KDE
- XDG_SESSION_ID: 1
- XDG_SESSION_PATH: /org/freedesktop/DisplayManager/Session0
- XDG_SESSION_TYPE: x11
- XDG_VTNR: 2
- XMODIFIERS: @im=ibus
- MANAGERPID: 2684
- INVOCATION_ID: 95a139eeb6434343b4bdb3647984c161
- JOURNAL_STREAM: 8:27922
- SYSTEMD_EXEC_PID: 3169
- MEMORY_PRESSURE_WATCH: /sys/fs/cgroup/user.slice/user-1000.slice/[email protected]/session.slice/plasma-plasmashell.service/memory.pressure
- MEMORY_PRESSURE_WRITE: c29tZSAyMDAwMDAgMjAwMDAwMAA=
- CHROME_DESKTOP: pgadmin4.desktop
- ORIGINAL_XDG_CURRENT_DESKTOP: KDE
- ELECTRON_ENABLE_SECURITY_WARNINGS: false
- GDK_BACKEND: x11
- PGADMIN_INT_PORT: 45623
- PGADMIN_INT_KEY: c0fd6e70-18ae-4b58-834f-fed6c37d1991
- PGADMIN_SERVER_MODE: OFF
--------------------------------------------------------
Total spawn time to start the pgAdmin4 server: 0.007 Sec
/usr/pgadmin4/venv/lib/python3.12/site-packages/passlib/pwd.py:16: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
import pkg_resources
2025-06-04 14:50:56,634: WARNING werkzeug: Werkzeug appears to be used in a production deployment. Consider switching to a production web server instead.
* Serving Flask app 'pgadmin'
* Debug mode: off
------------------------------------------
Total time taken to ping pgAdmin4 server: 4.01 Sec
------------------------------------------
Total launch time of pgAdmin4: 4.143 Sec
------------------------------------------
Application Server URL: http://127.0.0.1:45623/?key=c0fd6e70-18ae-4b58-834f-fed6c37d1991
2025-06-04 14:58:31,528: ERROR pgadmin: 'utf-8' codec can't decode byte 0xae in position 1: invalid start byte
Traceback (most recent call last):
File "/usr/pgadmin4/web/pgadmin/utils/driver/psycopg3/connection.py", line 255, in _decode_password
password = password.decode()
^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xae in position 1: invalid start byte
2025-06-04 14:58:31,530: ERROR pgadmin: Could not connect to server(#2) - 'nx:core'.
Error: Failed to decrypt the saved password.
Error: 'utf-8' codec can't decode byte 0xae in position 1: invalid start byte
@vitonsky Is it possible for you to connect over the call? My working times are 10AM -6 PM - IST. Kindly share invite if possible
@yogeshmahajan-1903 I'm busy this week. I will ping you later to call.
Whats our plan to call? I will prepare my PC for debugging
@yogeshmahajan-1903 I'm busy this week. I will ping you later to call.
Whats our plan to call? I will prepare my PC for debugging
Kindly share your email id to send invite and suitable timings.
