Redgate Flyway

Tutorial - Manage Secrets with Dapr

Page last updated 20 April 2026

EDITION: ENTERPRISE

This tutorial shows you how to configure Flyway's Dapr resolver to fetch database credentials from a Dapr Secret Store at runtime.

Pre-requisites

  • Flyway Enterprise Edition
  • A running Dapr application sidecar with a secret store component configured
  • Secrets stored in the Dapr secret store containing the values Flyway needs

If you are new to Dapr, see the Dapr secrets management quickstart.

Starting the Dapr sidecar

dapr run --app-id flyway-app --dapr-http-port 3500

The Secret Store REST API is then accessible at http://localhost:3500/v1.0/secrets/>.

Configuring Flyway

Either configure dapr settings in your project TOML

[environments.production]
url = "jdbc:postgresql://prod-host:5432/mydb"
user = "${dapr.prod-db-user}"
password = "${dapr.prod-db-password}"

[environments.production.resolvers.dapr]
url = "http://localhost:3500/v1.0/secrets/my-secret-store"
flyway info -environment=production

or define the connection information inline

flyway info \
  -environment=production \
  -environments.production.url="jdbc:postgresql://prod-host:5432/mydb" \
  -environments.production.user='${dapr.prod-db-user}' \
  -environments.production.password='${dapr.prod-db-password}' \
  -environments.production.resolvers.dapr.url="http://localhost:3500/v1.0/secrets/my-secret-store"


Dapr secrets cannot currently be configured using Flyway Desktop, though any configuration set in the TOML will be honored.

Related reference

Didn't find what you were looking for?

Product Articles

Tips and how-to guides for Redgate products

University

Easy to follow video courses

Community Forums

Ask, discuss, and solve questions about Redgate's tools

Events & Friends

Meet us at an event, get sponsored, and join our Friends of Redgate

Simple Talk

In-depth articles and opinion from Redgate's technical journal