[FEATURE REQUEST] Add support for docker-compose secrets

Question

[FEATURE REQUEST] Add support for docker-compose secrets

jakec-dev opened this issue 2 years ago · 1 comments

For security purposes I do not want to hardcode my MySQL passwords in docker-compose.yml. I'm able to avoid this in the MySQL container by using MYSQL_PASSWORD_FILE environment variable, which loads the password from the specified secret file. It would be great if there was also a FLYWAY_PASSWORD_FILE environment variable that could do the same.

Example:

version: "3.1"

services:
  mysql:
    image: mysql
    ports:
      - 3306:3306
    environment:
      MYSQL_DATABASE: my_database
      MYSQL_USER: database_user
      MYSQL_PASSWORD_FILE: /run/secrets/database_user_password
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/root_password
    secrets:
      - database_user_password
      - root_password

  flyway:
    image: flyway/flyway
    environment:
      FLYWAY_USER: database_user
      FLYWAY_PASSWORD_FILE: /run/secrets/database_user_password # **** PROVIDE SUPPORT FOR THIS LINE *** 
      FLYWAY_URL: jdbc:mysql://mysql:3306/my_database?allowPublicKeyRetrieval=true
    secrets:
      - database_user_password
    command: -locations=filesystem:/flyway/sql -connectRetries=60 migrate
    depends_on:
      - mysql

secrets:
  database_user_password:
    file: ./secrets/database_user_password
  root_password:
    file: ./secrets/root_password

Answer 1 · 2022-08-24T08:08:59.000Z

Flyway already supports different methods of authentication, such as Option Files for MySQL

We also have various Secrets Management integrations for this scenario

If the intention is to specify the password in a plaintext file, you could also use a Config File and pass in credentials in this file

Given the existing solutions to this problem, we'll be closing this unless there is further interest in a new feature