Deprecation of Flyway's interactive behavior
Published 04 January 2024
Flyway engine had some (mostly) undocumented behavior on using flyway interactively to obtain the database username and password. This was originally created to avoid the problem of putting these directly into a configuration file or on the command line which are not particularly secure mechanisms, especially in a shared environment where files can be read and the console history can be viewed.
We've decided to deprecate this behavior for several reasons:
- There are much better ways available today than back in 2015 when this feature was introduced
- Flyway is primarily a pipeline deployment tool and requiring user input will cause the pipeline to hang
If you were dependent on this behavior then there are better ways available today to take a look at:
- You can put these parameters in environment variables (see User or Password)
- Your organization may offer enterprise-grade platform security tools (Secrets Management)
- Where Flyway is being used by a single user from a single machine then Local Secret may be a good choice
Finally, if you really really need that interactive behavior (and we don't recommend this) then it could be replicated using a simple shell script
We'll start warning about the deprecation from Flyway v10.4.x