This brief tutorial will teach you how to integrate Dapr into your Flyway process.
Dapr is an application runtime which has a secrets management component, allowing you to securely store and provide access to sensitive information. You can learn more about it here.
Flyway integrates with Dapr’s Secret Store, letting you securely store and provide access to any confidential Flyway parameters.
This tutorial will assume you already have a Dapr server instance and know how to configure secrets in it, and a local installation of the Dapr application sidecar.
There are two new parameters to configure in Flyway in order to set up the Dapr integration:
This is the REST API URL of your Dapr application sidecar. Typically you will initialise the sidecar with a command
dapr run --app-id my-app --dapr-http-port 3500 where you specify the port the sidecar will listen to.
The Secret Store REST API is then accessible at
my-secrets-store is the specific store name. The API is the same regardless of the underlying storage mechanism.
This is a comma-separated list of secrets in Dapr Secret Store which Flyway should try to read from.
The value of each secret must be structured like a Flyway configuration file. For example, if we wanted to store a
database password in a secret we would give the secret
flyway.password=<database_password> as its value.
Our example will assume that we have:
my-flyway-configand the following contents:
flyway.url=<database_url> flyway.user=<database_user> flyway.password=<database_password>
If we now execute the following Flyway command:
flyway info -plugins.dapr.url="http://localhost:3500/v1.0/secrets/my-secrets-store" -plugins.dapr.secrets="my-flyway-config"
Flyway will connect to your database without needing the database credentials to be provided in plaintext.
Instead, Flyway will read in the specified secret and use its value to configure the database credentials and
display the overview of the schema history table that results from
In this brief tutorial we saw how to: