Redgate Flyway

Flyway Licensing

Flyway has a number of ways you can authenticate yourself to allow you to access features that are otherwise unavailable (for example, Flyway Teams, Flyway Enterprise, and or the Flyway Pipelines Service functionality).

This page signposts the various mechanisms available and when you should use them.

Note: this is for Flyway itself - not your database.

Online interactive authentication

Online licensing means that your license is automatically kept up to date and once configured, you won't have to manually update your license key when it expires.

Auth verb

The Auth verb will use a browser pop-up on your computer to authenticate the product using your Redgate ID. Typically this would be done once and thereafter Flyway can refresh the credentials automatically.

Online non-interactive authentication

Access Token (PAT)

Where you need a non-interactive flow (for example, in a pipeline), you can create a token in the Redgate portal and use that with a registered email address to authenticate Flyway.  If you are using PAT as part of a CI/CD pipeline, then you might want to setup a service account associated with the flyway commands being called from CI/CD so that it's not tied to a particular end user.  

Using a personal access token will store a license permit in the Redgate app data folder, the same location as when running the Auth command.

Offline non-interactive authentication

These work without contacting Redgate (e.g. air-gapped pipelines) and so will expire at renewal time. This will require that you update your pipeline to refresh the key/permit to continue working.

License permits

Legacy license keys

Authorization Precedence

There are multiple ways to authorize Flyway. The following list shows the order of precedence for authorization if you attempt to use more than one:

  1. Permit Location set in Environment Variable - License permit
  2. Permit as an Environment Variable - License permit
  3. Online Authentication by running the Auth command.
  4. Access token defined with an email and token specified.
  5. Legacy Flyway License key

Token Refresh

When an online authentication process successfully retrieves a license permit, a refresh token is saved to disk in the Flyway CLI directory of the Redgate app data folder.

This refresh token is used to automatically refresh a user's license permit when it expires. Each time a license permit is refreshed, a new refresh token is saved to disk, replacing the existing refresh token.

This only applies to expired license permits in the Flyway CLI directory of the Redgate app data folder—Flyway cannot automatically refresh expired license permits specified using offline License Permits.


Didn't find what you were looking for?