Prerequisites
🚀 Feature Proposal
Summary
Allow enabling the MySQL cleartext authentication plugin per connection. The underlying mysql_async driver supports this via enable_cleartext_plugin, but it isn't exposed in the connection settings.
Problem
Connecting to a MySQL account whose server-side auth requires a cleartext password (PAM, LDAP, or cloud IAM auth) fails with:
encountered unexpected or invalid data: mysql_cleartext_plugin disabled
The driver disables the cleartext plugin by default, and there's currently no UI option to turn it on, so these accounts can't be used at all.
Proposed solution
Add a per-connection toggle in the MySQL connection settings, e.g. "Enable cleartext password plugin", mapping to the driver's enable_cleartext_plugin option. It should only be allowed together with an SSL/TLS mode, since cleartext must travel over an encrypted connection.
Motivation
Managed and enterprise MySQL deployments increasingly rely on authentication methods that require the client to send the password in cleartext over a TLS connection — notably PAM, LDAP, and cloud IAM auth (Azure Database for MySQL, AWS RDS IAM, etc.). These are mainstream, security-conscious setups, not edge cases.
A very common real-world trigger is connecting through Warpgate, a popular open-source bastion/proxy. Its MySQL protocol server only accepts TLS connections and authenticates clients exclusively via the mysql_clear_password plugin — this is mandatory, not configurable. Clients that can't enable cleartext auth (like Tabularis today) simply cannot connect to any database behind Warpgate, while clients that expose the option (DBeaver, mysql CLI with --enable-cleartext-plugin) work fine. Supporting this would let Tabularis work in bastion-protected environments, which are standard in security-conscious infrastructures.
Example
No response
Prerequisites
🚀 Feature Proposal
Summary
Allow enabling the MySQL cleartext authentication plugin per connection. The underlying mysql_async driver supports this via enable_cleartext_plugin, but it isn't exposed in the connection settings.
Problem
Connecting to a MySQL account whose server-side auth requires a cleartext password (PAM, LDAP, or cloud IAM auth) fails with:
encountered unexpected or invalid data: mysql_cleartext_plugin disabled
The driver disables the cleartext plugin by default, and there's currently no UI option to turn it on, so these accounts can't be used at all.
Proposed solution
Add a per-connection toggle in the MySQL connection settings, e.g. "Enable cleartext password plugin", mapping to the driver's enable_cleartext_plugin option. It should only be allowed together with an SSL/TLS mode, since cleartext must travel over an encrypted connection.
Motivation
Managed and enterprise MySQL deployments increasingly rely on authentication methods that require the client to send the password in cleartext over a TLS connection — notably PAM, LDAP, and cloud IAM auth (Azure Database for MySQL, AWS RDS IAM, etc.). These are mainstream, security-conscious setups, not edge cases.
A very common real-world trigger is connecting through Warpgate, a popular open-source bastion/proxy. Its MySQL protocol server only accepts TLS connections and authenticates clients exclusively via the mysql_clear_password plugin — this is mandatory, not configurable. Clients that can't enable cleartext auth (like Tabularis today) simply cannot connect to any database behind Warpgate, while clients that expose the option (DBeaver, mysql CLI with --enable-cleartext-plugin) work fine. Supporting this would let Tabularis work in bastion-protected environments, which are standard in security-conscious infrastructures.
Example
No response