Redgate Flyway

Vault Resolver

Page last updated 12 May 2026

Flyway Enterprise

Per-environment Vault secret management configuration. Values can be inlined in the environment configuration using ${vault.path/to/secret/key}.

Settings

Setting Required Type Description
url Yes String The URL of the Vault API endpoint.
token Yes String The token to authenticate with Vault.
engineName Yes String The name of the secret engine.
engineVersion Yes String The version of the secret engine.

Usage

Flyway Desktop

This can't be set in a config file via Flyway Desktop, although it will be honoured.

Command-line

./flyway info \
-environment='development' \
-environments.development.url='jdbc:postgresql://localhost/postgres' \
-environments.development.user='postgres' \
-environments.development.password='${vault.flyway/password}' \
-environments.development.resolvers.vault.url='http://localhost:8200/v1' \
-environments.development.resolvers.vault.token='abc.1234567890' \
-environments.development.resolvers.vault.engineName='secret' \
-environments.development.resolvers.vault.engineVersion='v2'

TOML Configuration File

[environments.development]
url = "jdbc:postgresql://localhost/postgres"
user = "postgres"
password = "${vault.flyway/password}"

[environments.development.resolvers.vault]
url = "http://localhost:8200/v1"
token = "abc.1234567890"
engineName = "secret"
engineVersion = "v2"

Didn't find what you were looking for?

Product Articles

Tips and how-to guides for Redgate products

University

Easy to follow video courses

Community Forums

Ask, discuss, and solve questions about Redgate's tools

Events & Friends

Meet us at an event, get sponsored, and join our Friends of Redgate

Simple Talk

In-depth articles and opinion from Redgate's technical journal