Prompt for userId and password in commandline mode

[sachin-walia]

I think it is difficult to implement userId and password encryption in flyway.conf file without making other compromises such as exposing encryption keys. How about if in commandline mode flyway prompts user for database credentials? That would still be very secure compared to storing in clear text in conf file.

[axelfontaine]

Thank you for your suggestion. You can always pass these in with -user=xzy -password=blablabla with dmeans there is no need to hardcode these in files.

I don't want to go beyond this. Won't fix.

[akhudek]

The command line arguments are not secure as they can be captured by things such as shell history and other accounting tools. This is a serious issue.

[axelfontaine]

@akhudek You can put them in a config file to eliminate this issue.

[akhudek]

Unfortunately we need to operate in some environments where we cannot store cleartext passwords in files due to regulations. We'll probably resort to building our own command line client wrapper to get around this problem. It would certainly be helpful to have an option to prompt for a password in the distributed command line client though.

[axelfontaine]

Fair point. Reopening.

[PredatorVI]

Pull request for fix submitted. I'm new to the GitHub process. Hopefully it gets accepted and released soon.

[axelfontaine]

This has now been fixed. Prompting will happen automatically if either user or password have not been supplied via any other means.

Cheers
Axel

[smanoharaw]

Hi axelfontaine,
I love the product. I tested it yesterday on my Oracle db. very easy to use. But I really need the passwordPrompt functionality? Where can I get the flyway version with this? Or, if I could get the code I can create the jar file? Please let me know how to go about this. We are going live in a month or so.
Thanks

[ghost]

Hello,
I'm using version 4.0 and didn't supply a password but not getting prompted. Anything I'm doing wrong here?

flyway.conf
#flyway.password=

[szxnyc@orbiter scripts]$ flyway info
Flyway 4.0 by Boxfuse

ERROR: Unable to obtain Jdbc connection from DataSource (jdbc:mysql://localhost:3306/mydb) for user 'devuser': Could not connect: Access denied for user 'devuser'@'localhost' (using password: NO)

[PredatorVI]

I downloaded the latest client as well and verified this is not working. I pulled the latest code in order to debug it but can't seem to build it due to missing dependencies:

Building flyway-core:
Failed to execute goal on project flyway-core: Could not resolve dependencies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: The following artifacts could not be resolved: sqlline:sqlline:jar:1.1.8, com.sap.db.jdbc:ngdbc:jar:1.103.0: Failure to find sqlline:sqlline:jar:1.1.8 in mynexus

The only version of sqlline available in maven central is version 1.1.9.

Building flyway-commandline:
The following artifacts could not be resolved: com.oracle:server-jre:tar.gz:windows-x64:8.74, com.oracle:server-jre:tar.gz:linux-x64:8.74, com.oracle:jre:tar.gz:macosx-x64:8.74: Could not find artifact com.oracle:server-jre:tar.gz:windows-x64:8.74 in mynexus.
If I need to install custom maven artifacts there doesn't seem to be any instructions on what is needed or where to get it.

If it takes another 9 months to get a release with this in it, I'm going to be very frustrated.

[smanoharaw]

I moved to liquibase since this feature is not working in flyway.

Thanks,

Sadhana

From: Steven Zgaljic [mailto:notifications@github.com]
Sent: Sunday, March 13, 2016 5:35 PM
To: flyway/flyway
Cc: Sadhana Manohar
Subject: Re: [flyway] Prompt for userId and password in commandline mode (#724)

Hello,
I'm using version 4.0 and didn't supply a password but not getting prompted. Anything I'm doing wrong here?

flyway.conf
#flyway.password=

[szxnyc@orbiter scripts]$ flyway info
Flyway 4.0 by Boxfuse

ERROR: Unable to obtain Jdbc connection from DataSource (jdbc:mysql://localhost:3306/mydb) for user 'devuser': Could not connect: Access denied for user 'devuser'@'localhost' (using password: NO)

—
Reply to this email directly or view it on GitHub #724 (comment) .Image removed by sender.

[axelfontaine]

Build instructions are available here: https://flywaydb.org/documentation/contribute/code/setup and here https://flywaydb.org/documentation/contribute/code/database

You can avoid all those DB-specific dependencies by using -DskipTests

[PredatorVI]

@axelfontaine Thanks for the fix. When might we see an official release build?

Also for the sake of trying to get this thing to build, it still tries to build tests and fails finding sqlline.

Per https://maven.apache.org/surefire/maven-surefire-plugin/examples/skipping-test.html, -DskipTests only skips execution, not compile. I tried both -DskipTests and -Dmaven.test.skip=true with no change in the compile error.

So, it still seems to have a non-test dependency that requires sqlline:sqlline:1.1.8 (which is no longer available in Maven Central). I've included abbreviated output below of each command:

C:\Flyway> mvn -version

Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T09:41:4
7-07:00)
Maven home: C:\Dropbox\Tools\apache-maven-3.3.9\bin..
Java version: 1.8.0_74, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.8.0_74\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"

C:\Flyway> mvn install -P-InstallableDBTest -P-CommercialDBTest

[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] Building flyway-core 0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for sqlline:sqlline:jar:1.1.8 is missing, no dependency inform
ation available
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.643 s
[INFO] Finished at: 2016-03-14T11:33:19-06:00
[INFO] Final Memory: 23M/435M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project flyway-core: Could not resolve depende
ncies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: Failure to find sqlli
ne:sqlline:jar:1.1.8 in nexus
...

C:\Flyway> mvn clean compile -DskipTests -Dmaven.test.skip=true

[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] Building flyway-core 0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for sqlline:sqlline:jar:1.1.8 is missing, no dependency inform
ation available
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.000 s
[INFO] Finished at: 2016-03-14T11:20:34-06:00
[INFO] Final Memory: 18M/304M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project flyway-core: Could not resolve depende
ncies for project org.flywaydb:flyway-core:jar:0-SNAPSHOT: Failure to find sqlli
ne:sqlline:jar:1.1.8 in nexus
...

[grobmeier]

@PredatorVI I made the build work with running this command:

mvn install -P-InstallableDBTest -P-CommercialDBTest -P-CommandlinePlatformAssemblies -DskipTests=true

The first part I got from the docs:
https://flywaydb.org/documentation/contribute/code/database

The second part is from the CLI maven pom:
https://github.com/flyway/flyway/blob/master/flyway-commandline/pom.xml#L10

And I can confirm the issue is gone for me (mysql)