Flyway Licensing
Published 16 October 2024
Flyway has a number of ways you can authenticate yourself to allow you to access features that are otherwise unavailable (for example, Flyway Teams, Flyway Enterprise, and or the Flyway Pipelines Service functionality).
This page signposts the various mechanisms available and when you should use them.
Note: this is for Flyway itself - not your database.
Online interactive authentication
Online licensing means that your license is automatically kept up to date and once configured, you won't have to manually update your license key when it expires.
Auth verb
The Auth verb will use a browser pop-up on your computer to authenticate the product using your Redgate ID. Typically this would be done once and thereafter Flyway can refresh the credentials automatically.
Online non-interactive authentication
Access Token (PAT)
Where you need a non-interactive flow (for example, in a pipeline), you can create a token in the Redgate portal and use that with a registered email address to authenticate Flyway. If you are using PAT as part of a CI/CD pipeline, then you might want to setup a service account associated with the flyway commands being called from CI/CD so that it's not tied to a particular end user.
Using a personal access token will store a license permit in the Redgate app data folder, the same location as when running the Auth command.
Offline non-interactive authentication
These work without contacting Redgate (e.g. air-gapped pipelines) and so will expire at renewal time. This will require that you update your pipeline to refresh the key/permit to continue working.
License permits
Legacy license keys
Authorization Precedence
There are multiple ways to authorize Flyway. The following list shows the order of precedence for authorization if you attempt to use more than one:
- Permit Location set in Environment Variable - License permit
- Permit as an Environment Variable - License permit
- Online Authentication by running the Auth command.
- Access token defined with an
email
andtoken
specified. - Legacy Flyway License key
Token Refresh
When an online authentication process successfully retrieves a license permit, a refresh token is saved to disk in the Flyway CLI
directory of the Redgate app data folder.
This refresh token is used to automatically refresh a user's license permit when it expires. Each time a license permit is refreshed, a new refresh token is saved to disk, replacing the existing refresh token.
This only applies to expired license permits in the Flyway CLI
directory of the Redgate app data folder—Flyway cannot automatically refresh expired license permits specified using offline License Permits.