Liquibase Business was formerly known as Datical DB.


Liquibase Business uses JDBC and vendor provided native clients to establish connections to the database.

Database Connection Method

Liquibase Database Connection Information

Liquibase obtains connection user/password information from one of these two methods below. We strongly recommend using the first method (runtime credentials) because it is more secure. The third option (storing credentials in the datical.project file) is to be avoided because the encoded passwords could be decoded.

  • Option 1: Runtime Credentials (more secure)

    • This method is strongly recommended for securely passing database credentials to Liquibase in the GUI or in automation (using the Command Line)

    • For Automation/Command Line, the automation platform retrieves database credentials from the company's credential store (often a 3rd-party tool like CyberArk or the CI/CD platform's native credential store) and loads them into environment variables before calling the Liquibase Business CLI

      • Credentials are passed to the CLI at runtime via environment variables

      • They are not persisted by Liquibase

    • For GUI usage, the user is prompted for database credentials at run-time

      • The graphical user interface prompts users for information in real time

      • They are not persisted by Liquibase

  • Option 2: Platform-Specific credential options (security depends on your configuration)

  • Option 3: Stored Credentials (less secure)

    • This method is only for evaluations and single-user usage as the encoding method is not secure and could compromise passwords in a multi-user environment.

    • When using the Stored Credentials option, for both the GUI and CLI the database User and Password are stored and persisted in the datical.project file:

      • Password is encoded (but not encrypted)

      • There is a potential risk that the stored password could be decoded

      • Limit who has access to the datical.project files on the machines running Liquibase Business

      • Limit who has access to the datical.project files stored in source control (Git, SVN, TFS)

      • We recommend that all customers use our hammer debug export "scrubber" to remove sensitive information from files before sending them to Liquibase tech support. If you are using the less secure Stored Credentials option, that is extra incentive to be sure to "scrub" your Liquibase files with the hammer debug export command before sending files to tech support: Assembling Data for Liquibase Support
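
The Option 1 automation flow described above (credential store, then environment variables, then the CLI), as an added shell example that is not taken from the Liquibase documentation. The names fetch_secret, db/user, db/pass, DEMO_DB_USER and DEMO_DB_PASS are placeholders chosen for illustration; substitute your credential store's client and the variable names your Liquibase Business version documents.

```shell
#!/bin/sh
# Added example. Placeholder names (assumptions, not from the Liquibase docs):
#   fetch_secret, db/user, db/pass, DEMO_DB_USER, DEMO_DB_PASS.

# Stand-in for the credential store client (CyberArk, CI/CD secret store).
# Constructed sample values; a real pipeline calls the store's CLI or API here.
fetch_secret() {
    case "$1" in
        db/user) printf '%s' 'app_deployer' ;;
        db/pass) printf '%s' 'constructed-sample-secret' ;;
        *) return 1 ;;
    esac
}

# Accept only valid environment variable names.
valid_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# run_with_runtime_creds USER_VAR PASS_VAR COMMAND [ARGS...]
# The body is a subshell: credentials exist only there and in the
# command it becomes. They are never exported into the calling shell,
# never placed on a command line, and never written to disk.
run_with_runtime_creds() (
    [ "$#" -ge 3 ] || {
        echo "usage: run_with_runtime_creds USER_VAR PASS_VAR CMD..." >&2; exit 64; }
    user_var=$1 pass_var=$2
    valid_name "$user_var" && valid_name "$pass_var" || {
        echo "invalid environment variable name" >&2; exit 64; }
    shift 2
    user=$(fetch_secret db/user) && pass=$(fetch_secret db/pass) || {
        echo "credential store lookup failed" >&2; exit 65; }
    [ -n "$user" ] && [ -n "$pass" ] || {
        echo "credential store returned an empty value" >&2; exit 65; }
    export "$user_var=$user" "$pass_var=$pass"   # builtin: nothing in argv
    exec "$@"                                    # the CLI inherits the variables
)

# Demo: the child sees the variable, the calling shell does not.
run_with_runtime_creds DEMO_DB_USER DEMO_DB_PASS \
    sh -c 'echo "child sees user: $DEMO_DB_USER"'
echo "parent sees password: ${DEMO_DB_PASS:-<unset>}"
```

In a pipeline, the command passed to run_with_runtime_creds would be the Liquibase Business CLI invocation, and the job's shell tracing (set -x) should stay off so the fetched values are not echoed into build logs.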

See also these related pages for additional Credential Management information: 
