Tutorial - Manage Secrets with Dapr
Published 20 April 2026
EDITION: ENTERPRISE
This tutorial shows you how to configure Flyway's Dapr resolver to fetch database credentials from a Dapr Secret Store at runtime.
Pre-requisites
- Flyway Enterprise Edition
- A running Dapr application sidecar with a secret store component configured
- Secrets stored in the Dapr secret store containing the values Flyway needs
If you are new to Dapr, see the Dapr secrets management quickstart.
Starting the Dapr sidecar
dapr run --app-id flyway-app --dapr-http-port 3500
The Secret Store REST API is then accessible at http://localhost:3500/v1.0/secrets/>.
Configuring Flyway
Either configure dapr settings in your project TOML
[environments.production]
url = "jdbc:postgresql://prod-host:5432/mydb"
user = "${dapr.prod-db-user}"
password = "${dapr.prod-db-password}"
[environments.production.resolvers.dapr]
url = "http://localhost:3500/v1.0/secrets/my-secret-store"flyway info -environment=production
or define the connection information inline
flyway info \
-environment=production \
-environments.production.url="jdbc:postgresql://prod-host:5432/mydb" \
-environments.production.user='${dapr.prod-db-user}' \
-environments.production.password='${dapr.prod-db-password}' \
-environments.production.resolvers.dapr.url="http://localhost:3500/v1.0/secrets/my-secret-store"Dapr secrets cannot currently be configured using Flyway Desktop, though any configuration set in the TOML will be honored.
Related reference
This documentation contains proprietary information and is protected by copyright law.
Copyright © 2026 Red Gate Software Limited. All rights reserved
