Liquibase Enterprise was formerly known as Datical DB.

Provide Runtime Credentials


Overview: Using Runtime Credentials

If you do not want to store the database credentials, configure the project to use runtime credentials.  We recommend this option because it is more secure.

GUI

In the Settings tab, Credential Management section, check Specify database credentials at operation runtime.

CLI

Use the runtimeCredentials option. 

hammer set runtimeCredentials --force true

Runtime Credential Precedence

When the runtime credentials option is set for a project, then during operations, Datical DB checks for where the credentials are specified. Credential locations are checked in the following order:

  1. Explicit credentials for an operation:

    • CLI - You specify credentials in command options

  2. Environment variables (CLI only)

  3. Prompting. If the credentials are not provided explicitly and the environment variable is not set, Datical DB displays a prompt for the user to enter the credentials. 

    • GUI - Prompt dialog

    • CLI - Prompt line

Explicit Credentials

If you provide credentials in command options at the CLI, those credentials are checked. 

If they fail, no further checking is done, and the command fails. 

Single-Credential Commands

The credential options use a space to separate the option and the value. Do not use "=". 

Option

Description

Option

Description

One of these forms:

-un <username>
-dbusername <username>

User name in one of the following forms:

  • <username>

  • <dbdefname>:::<username>

One of these forms:

-pw <password>
-dbpassword <password>

Password in one of the following forms:

  • <password>

  • <dbdefname>:::<password>

One of these forms for DMCDB username ( version 8.3 and later):
-dun <username>
-dmcusername <username>

User name in this form:
<username>

One of these forms for DMCDB password ( version 8.3 and later):
-dpw <password>
-dmcpassword <password>

Password in this form:
<password>

If you pass username and password (with -un and -pw options) in such format: -un <username> -pw <password>, they are going to be set as global credentials.

Example: Forecast Operation

If you want to specify both credentials for source database and DMC DB you should do so in the following format:

hammer forecast DEV -un DEV:::username -pw DEV:::password -dun dmcusername -dpw dmcpassword

DEV is the equivalent to the source database name.

Two-credential Commands

The diff and diffChangeLog commands require two database names as options. 

  • Reference database - Represents the desired state.

  • Target database - Represents a current state, which is to be measured against the desired state.

The credential options use a space to separate the option and the value. Do not use "=". 

Option

Description

Option

Description

-ru <username>
-referenceUsername <username>

Reference database user name 

-rpw <password>
-referencePassword <password>

Password for the reference database user name

-tu <username>
--targetUsername <username>

Target database user name 

-tpw <password>
--targetPassword <password>

Password for the target database user name

Example: Performing a Diff

In this example, TEST is the reference database (desired state) and DEV is the target database (measured against the desired state).

hammer diff TEST DEV -ru refDbUser -rpw refDbPass -tu targetUser -tpw targetPass

Environment Variables

When the project is set to use runtime credentials and you run an operation from the CLI, environment variables are checked. 

Set the following environment variables if you want to provide default credentials for CLI hammer commands:

Environment variables

Description

DDB_USER
DDB_PASS

Database credentials. Used for commands that operate on a single database: forecast, deploy, rollback, and package (deployPackager.groovy) operations.

DDB_USER_<dbDefName>
DDB_PASS_<dbDefName>

Database credentials for an individual step (DbDef). Used only for groovy commands, including deployPackager.groovy

Note

The per-DbDef environment variables are checked first. If they are not set, then DDB_USER and DDB_PASS are checked. 

DDB_REF_USER
DDB_REF_PASS

Used with REFERENCE variables for commands that operate on two databases.

  • diff

  • diffchangelog

DDB_TARGET_USER
DDB_TARGET_PASS

Used with TARGET variables for commands that operate on two databases.

  • diff

  • diffchangelog

DDB_DMCDB_USER
DDB_DMCDB_PASS

Used to access the DMCDB database. Operations cause entries to be entered in the DMCDB database:

  • forecast

  • deploy

Prompts for Credentials

When you perform an action in the GUI, you will be prompted to provide credentials if Runtime credentials are required. (Either the project option is set or no credentials have been entered for a step.) 

You are prompted with a dialog:

Video

See also video 9 about Database Credentials

Copyright © Liquibase 2012-2022 - Proprietary and Confidential