ZhangZhihui's Blog  

The error

    Public Key Retrieval is not allowed

occurs when MySQL's caching_sha2_password authentication plugin is used, and the client (e.g., DBeaver) is not allowed to automatically fetch the public key from the server for secure password exchange.

This is common when connecting to a MySQL 8+ container using clients like DBeaver or JDBC.


Fix Options

Option 1 — Add allowPublicKeyRetrieval=true to JDBC URL (recommended for local/dev)

  1. In DBeaver, open your MySQL connection settings.

  2. Go to "Driver properties" tab.

  3. Add or modify the property:

    allowPublicKeyRetrieval = true

  4. Also ensure:

    useSSL = false

    (or true if you have SSL properly configured)

  5. Example full JDBC URL:

    jdbc:mysql://localhost:3306/mydb?allowPublicKeyRetrieval=true&useSSL=false

Option 2 — Change authentication plugin on MySQL user

If you have access to the MySQL server and prefer not to allow key retrieval:

Run this inside the container or via MySQL CLI:

 
ALTER USER 'your_user'@'%' IDENTIFIED WITH mysql_native_password BY 'your_password'; FLUSH PRIVILEGES;

This changes the user to use the older mysql_native_password plugin (compatible with all clients).


Option 3 — Use latest MySQL driver

Make sure your DBeaver is using the latest MySQL JDBC driver:

  1. Go to DBeaver → Database → Driver Manager → MySQL.

  2. Click "Edit Driver" → "Download/Update".

  3. Update to the latest driver version.


💡 Notes

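    • allowPublicKeyRetrieval=true is safe in local or test environments.
      In production, use SSL certificates or configure a trusted key exchange:
      over an unencrypted connection the client encrypts the password with whatever
      public key it receives, and it has no way to confirm that the key came from the real server.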

    • This issue is particularly common with MySQL 8 Docker images that use the caching_sha2_password plugin by default.
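
An added example, not part of the original post: a small Python check over Connector/J URLs that separates the local/dev case above from configurations where the driver may fetch the server key over a non-TLS connection to a remote host. The function name, the result labels, the host db.example.internal and the key file path are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
VERIFIED = {"VERIFY_CA", "VERIFY_IDENTITY"}

def audit_jdbc_url(url):
    """Return 'not-exposed', 'unverified-tls', 'local-dev' or 'risky' (labels are ours)."""
    if not url.startswith("jdbc:mysql://"):
        raise ValueError("expected a jdbc:mysql:// URL")
    parts = urlsplit(url[len("jdbc:"):])
    # Property names are compared case-insensitively; the last duplicate wins here.
    props = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    flag = lambda name: props.get(name, "").lower() == "true"

    ssl_mode = props.get("sslmode", "").upper()
    if not ssl_mode:
        # Legacy properties are translated to sslMode as Connector/J documents.
        if props.get("usessl", "true").lower() == "false":
            ssl_mode = "DISABLED"
        elif flag("verifyservercertificate"):
            ssl_mode = "VERIFY_CA"
        elif flag("requiressl"):
            ssl_mode = "REQUIRED"
        else:
            ssl_mode = "PREFERRED"

    if ssl_mode in VERIFIED:
        return "not-exposed"      # password travels inside authenticated TLS
    if ssl_mode == "REQUIRED":
        return "unverified-tls"   # encrypted, but the server is not authenticated
    # DISABLED or PREFERRED: the RSA password exchange may be used.
    if "serverrsapublickeyfile" in props or not flag("allowpublickeyretrieval"):
        return "not-exposed"      # key is pinned locally, or the driver refuses to fetch one
    host = (parts.hostname or "").lower()
    return "local-dev" if host in LOOPBACK else "risky"

if __name__ == "__main__":
    # Constructed sample URLs; the first is the one from Option 1.
    for u in (
        "jdbc:mysql://localhost:3306/mydb?allowPublicKeyRetrieval=true&useSSL=false",
        "jdbc:mysql://db.example.internal:3306/mydb?allowPublicKeyRetrieval=true&useSSL=false",
        "jdbc:mysql://db.example.internal:3306/mydb?sslMode=VERIFY_IDENTITY",
    ):
        print(audit_jdbc_url(u), u)
```

A 'risky' result is the case the note above warns about; either verified TLS or a locally stored server key (serverRSAPublicKeyFile) removes the need for allowPublicKeyRetrieval=true.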

 

posted on 2025-10-24 09:55  ZhangZhihuiAAA