URL encode username and password values for DB connections

[wadesdev]

Ticket ENG-2808

Description Of Changes

This should resolve an issue wherein passwords with special characters are properly URL encoded, precluding SQLAlchemy parsing issues.

Code Changes

• Updates MySQL, Postgres, and Redshift connectors to URL encode username and password fields

Steps to Confirm

1. Bring a MySQL database to the table
2. Create a user with @ in the password
3. Create a MySQL integration
4. [Confirm Step 1] Test integration should pass
5. [Confirm Step 2] Monitor scan should create staged resources

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored		Feb 25, 2026 7:20pm
fides-privacy-center	Ignored		Feb 25, 2026 7:20pm

[vcruces]

Great catch! I added a comment recommending a defensive check, just to be safe

[vcruces]

What do you think about adding a check to ensure the credential exists before applying str?

If config.password is None, str(None) converts this to the literal string "None", resulting in URLs like: redshift+psycopg2://user:None@...

This differs from the MySQL/Postgres implementation, which conditionally includes credentials only when they exist

[vcruces]

I noticed this changed from quote_plus to quote. I don’t see an issue with using quote here, if anything, it may even be preferable, but I’m wondering whether the original use of quote_plus was intentional 🤔

Not raising this as a change request, just something to keep in mind in case we see any related behavior changes down the line