0

I use Flyway with Spring Boot to version control my DB, all well and good.

The issue is that the SQL files will be stored in my source code under resources/db/migration/.., and it's hosted on GitHub, so if someone could get my source code somehow from there, he will get all my database.

And also, in my case, I use a lot of TOKENS to connect with different external apps, and I found nothing in the Flyway docs that says how to hide sensitive information in your SQL files.

So my questions are:

  1. How to secure the SQL files so that they will not be stored inside source code?
  2. If there is no way to hide those SQL files, how to secure sensitive information inside SQL files?
Andy Wilkinson
Soufiane Odf

1 Answer

1

Unfortunately, Flyway itself does not contain a method to secure files. You could mount a secured drive at runtime and point Flyway at that location for the SQL files. You can change the location Flyway uses to look for SQL files using the locations parameter.

Also, as mentioned by @dhanraj in a comment, Flyway does have the concept of Placeholders to inject data into scripts. So, for example, a TOKEN could be set up as an environment variable on a secure environment and injected that way.

Barry
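The two suggestions in the answer above (a `locations` path outside the repository, and a placeholder filled from an environment variable), combined in one sketch using Flyway's Java API. This is an added example, not part of the original answer; the mount path, the environment variable names, the table and the placeholder name `partner_api_token` are assumptions.

```java
import java.util.Map;
import org.flywaydb.core.Flyway;

// Constructed migration file, stored under the mounted path below
// (V2__add_partner_token.sql):
//   INSERT INTO integration_credentials (app, token)
//   VALUES ('partner', '${partner_api_token}');

public class SecureMigrate {

    // Read a required environment variable and fail fast if it is missing,
    // so a migration never runs with an empty secret substituted in.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        Flyway flyway = Flyway.configure()
            // Database credentials also come from the environment, not the repo.
            .dataSource(requireEnv("DB_URL"),
                        requireEnv("DB_USER"),
                        requireEnv("DB_PASSWORD"))
            // SQL files are read from a mounted directory instead of the
            // classpath (resources/db/migration). The path is an assumption.
            .locations("filesystem:/mnt/secure/db/migration")
            // Each map key is available as ${key} inside the SQL scripts.
            .placeholders(Map.of(
                "partner_api_token", requireEnv("PARTNER_API_TOKEN")))
            .load();

        flyway.migrate();
    }
}
```

In a Spring Boot application the same settings are `spring.flyway.locations` and `spring.flyway.placeholders.partner_api_token`. Placeholder replacement is plain text substitution, so the token is still written to the table in clear text, and a value containing a single quote would break the statement.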