New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically obtain database password from db-specific external source if not explicitly specified #960
Comments
I should have said more -- This is very low priority; The |
Thanks for the suggestion and the nice comments :-) I am still undecided about this. I basically see 3 options:
I'll leave this opne for now and give it some thought post 3.2 |
@ToBeReplaced if security is your concern, the http://www.postgresql.org/docs/current/static/libpq-envars.html
|
I'm using flyway inside of a docker container, and I don't believe the On Mon, 2015-03-16 at 09:22 -0700, Chris Bandy wrote:
|
Just bumped into this. It doesn't sound technically difficult to resort to Would be nice feature, still. |
Would be helpful to check the .pgpass file. |
@cajnoj This sounds interesting. Yes, let's discuss! |
This is a bit old, but I was able to script around this to extract the appropriate password from the desired Posting this in case anyone else is looking for a way not to store sensitive passwords inside their scripts. The password is stored in the standard pretty configurable, you could even read the list of hosts, databases and users from a config file to make this script 100% generic. #!/usr/bin/env bash
ENV=local
if [ ! -z "$1" ]; then
ENV=$1
fi
case "$ENV" in
prd|prod|production)
ENV="production"
# insert multiple hosts separated by spaces
HOSTS="host1 host2"
# insert your database name here
DATABASE="database_name"
# insert your username here.
USER="user_name"
;;
*)
err "$ENV not found"
exit
;;
esac
# insert your port number here, or within the switch if it changes
PORT=port_number
# we assume the .pgpass file exists under the current tree.
PGPASSFILE=$PWD/config/*.pgpass
# go through all of the hosts and upgrade each one
for HOST in ${HOSTS}; do
# .pgpass file is stored in the format host:port:database:user:password
SEARCH="$HOST:$PORT:$DATABASE:$USER:"
# find the first matching line
LINE=$(grep -m1 $SEARCH $PGPASSFILE)
# extract our password from the line
PASSWORD="${LINE:${#SEARCH}}"
# make sure a password was found
if [ -z "$PASSWORD" ]; then
echo "Unable to find password for $USER in $HOST:$PORT/$DATABASE"
continue
fi
# execute upgrade.
./flyway-6.1.0/flyway.cmd migrate \
-url="jdbc:redshift://$HOST:$PORT/$DATABASE" \
-installedBy="$USERNAME" \
-user="$USER" \
-password="$PASSWORD"
done
echo "Done." |
This is (loosely) related to #1194 and we'll be revisiting authentication more generally in v7 |
I'd like to use the PGPASSWORD environment variable to pass the password through to Postgresql, as allowed by psql. That way, I don't end up with a password visible to other users.
To reproduce, instead of using
flyway migrate -password=example
, usePGPASSWORD=example flyway migrate
.Great tool, thanks for the no-nonsense SQL-based migrations.
The text was updated successfully, but these errors were encountered: