Provide some better authentication method

[pavel-kalmykov]

I was trying to make work this tool with my Postgres DB, but I found that I need to specify explicitly in the -database URL parameter my user and password, like this:

migrate -database postgres://user:pass@localhost:5432/my-db -path src/github.com/paveltrufi/my-project/database/migrations/ up

So I was wondering if you would be able to add some parameters to the CLI in order to avoid writing my credentials in the DB URL. It could be even better if by default you would pick the setting from and .env file or something like this.

BTW it seems like the CLI tool enforces you to use SSL on the connection (I had to configure a self-signed certificate for my dockerized DB which was kinda difficult but I eventually managed to do it). Is there any way to make a migration without the SSL enabled?

Thanks in advance.

[dhui]

The pq library defaults to sslmode=require for security.
You may specify sslmode=disable in your connection string to disable SSL. For more info about the connection string, checkout the pq docs

The migrate CLI needs a consistent way (i.e a connection string) to specify the the connection params for all DBs since it supports DBs other than postgres. To avoid exposing your credentials, securely obtain your creds (however it's done) and use postgres.WithInstance() (docs) with migrate.NewWithDatabaseInstance() (docs)