mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-18 10:48:00 -05:00
[GH-ISSUE #20782] feat: IAM-based auth for AWS RDS/Aurora #139014
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @kirill-sch on GitHub (Jan 18, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20782
Check Existing Issues
Verify Feature Scope
Problem Description
Database connections currently only support long-lived username/password credentials and do not support AWS IAM DB authentication. Supporting IAM DB auth would provide a safer, more compliant option for connecting to RDS/Aurora using short-lived tokens and IAM roles instead of persistent database passwords.
Desired Solution you'd like
Add support for AWS RDS/Aurora IAM database authentication. OpenWebUI should be able to generate IAM auth tokens using the AWS SDK, automatically refresh them before they expire (~15 minutes), and use the token along DB user/host/port/database name to establish and maintain connections. Ideally, this can be enabled via an environment variable (e.g.,
IAM_TOKEN_DB_AUTH=true).Alternatives Considered
No response
Additional Context
No response