Automatically obtain database password from db-specific external source if not explicitly specified #960
Comments
|
I should have said more -- This is very low priority; The |
|
Thanks for the suggestion and the nice comments :-) I am still undecided about this. I basically see 3 options:
I'll leave this opne for now and give it some thought post 3.2 |
|
@ToBeReplaced if security is your concern, the http://www.postgresql.org/docs/current/static/libpq-envars.html
|
|
I'm using flyway inside of a docker container, and I don't believe the On Mon, 2015-03-16 at 09:22 -0700, Chris Bandy wrote:
|
|
Just bumped into this. It doesn't sound technically difficult to resort to Would be nice feature, still. |
|
Would be helpful to check the .pgpass file. |
|
@cajnoj This sounds interesting. Yes, let's discuss! |
axelfontaine
changed the title
|
This is a bit old, but I was able to script around this to extract the appropriate password from the desired Posting this in case anyone else is looking for a way not to store sensitive passwords inside their scripts. The password is stored in the standard pretty configurable, you could even read the list of hosts, databases and users from a config file to make this script 100% generic. #!/usr/bin/env bash
ENV=local
if [ ! -z "$1" ]; then
ENV=$1
fi
case "$ENV" in
prd|prod|production)
ENV="production"
# insert multiple hosts separated by spaces
HOSTS="host1 host2"
# insert your database name here
DATABASE="database_name"
# insert your username here.
USER="user_name"
;;
*)
err "$ENV not found"
exit
;;
esac
# insert your port number here, or within the switch if it changes
PORT=port_number
# we assume the .pgpass file exists under the current tree.
PGPASSFILE=$PWD/config/*.pgpass
# go through all of the hosts and upgrade each one
for HOST in ${HOSTS}; do
# .pgpass file is stored in the format host:port:database:user:password
SEARCH="$HOST:$PORT:$DATABASE:$USER:"
# find the first matching line
LINE=$(grep -m1 $SEARCH $PGPASSFILE)
# extract our password from the line
PASSWORD="${LINE:${#SEARCH}}"
# make sure a password was found
if [ -z "$PASSWORD" ]; then
echo "Unable to find password for $USER in $HOST:$PORT/$DATABASE"
continue
fi
# execute upgrade.
./flyway-6.1.0/flyway.cmd migrate \
-url="jdbc:redshift://$HOST:$PORT/$DATABASE" \
-installedBy="$USERNAME" \
-user="$USER" \
-password="$PASSWORD"
done
echo "Done." |
|
This is (loosely) related to #1194 and we'll be revisiting authentication more generally in v7 |
I'd like to use the PGPASSWORD environment variable to pass the password through to Postgresql, as allowed by psql. That way, I don't end up with a password visible to other users.
To reproduce, instead of using
flyway migrate -password=example, usePGPASSWORD=example flyway migrate.Great tool, thanks for the no-nonsense SQL-based migrations.
The text was updated successfully, but these errors were encountered: