Liquibase Environment Variables: It’s now easier and safer to control your deployments
Teams can now set where, when, and how Liquibase deploys database changes at the environment level. You no longer need to manage separate liquibase.properties files for different environments!
3 Reasons to Use Liquibase Environment Variables
Liquibase open source allows users to set deployment parameters and flags using properties files. When you have a small team, it works really well. However, if you have many developers and you need everything to be more secure, using this new Liquibase Pro feature makes a lot of sense.
Easier for teams
Give the right permissions to the right team members. With environment variables in place, it’s easier for developers to focus on building their code instead of worrying about their connection strings and property information.
For example, without environment variables, when a developer needs to change a flag during runtime, it can get tedious (and error-prone):
liquibase --changeLogFile=myChangeLog.sql --contexts=test,stage --labels=Jira223 --url=jdbc:mysql://hostname:3306/TEST --username=user1 --password=myStrongPassword --defaultSchemaName=mySchema --referenceUrl=jdbc:mysql://hostname:3306/DEV --referenceUsername=refUsername --referencePassword=refPassword --logLevel=FINE --classpath=/path/to/jdbc/mysql-connector-java-8.0.18.jar update
Now, with environment variables set up prior to running commands, developers only need to do this:
Ensure no emails, passwords, URLs, and other sensitive information gets pulled into source control. Since the liquibase.properties file contains properties such as the URL path to the database along with a username and password, placing this file in source control is not a good idea. By setting up Liquibase environment variables, all of this information can be stored in a secure environment before running commands on the server where the automation job is running.
Another advantage to separating the configuration with your repository is that when a password or other keys/values are changed, no changes need to occur in the code. The environment variables can just be updated to take effect.
Fewer productions mistakes
Human errors happen all the time. With Liquibase environment variables, you can prevent more mistakes from happening. When you configure Liquibase and manage the configuration on the server side, developers never have to see or deal with it. It significantly decreases the chances that changes are deployed to the wrong place, saving a lot of time and confusion.
What the users & developers see
In the following Jenkins build configuration, we are setting the Liquibase environment variables as a first step, by sourcing the exp_lb_env_vars.sh script in the build server’s home directory.
. ~/exp_lb_env_vars.sh &>/dev/null
Notice that the user doesn’t have any idea what the properties are. The properties are fully managed by whoever has the access to maintain the
exp_lb_env_vars.sh file on the server side.
Setting up Liquibase environment variables
Typically, a DevOps team member (or someone with a special authority with access to the database) can create a shell script similar to the one below. We’ll call it
exp_lb_env_vars.sh. This script contains several “export” commands to set the Liquibase environment variables.
#!/bin/bash export LIQUIBASE_COMMAND_USERNAME="username" export LIQUIBASE_COMMAND_PASSWORD="password" export LIQUIBASE_COMMAND_URL="jdbc connection url" export LIQUIBASE_PRO_LICENSE_KEY="pro key" export LIQUIBASE_CLASSPATH="/path/to/jdbc/driver" export LIQUIBASE_HUB_API_KEY="hub api key" export LIQUIBASE_HUB_MODE="all" PATH=/root/liquibase:$PATH
Setting Liquibase environment variables in Jenkins
Go to Manage Jenkins → Configure system
Under Global properties click the Add button to add the Liquibase environment variable in the Name box, and the value under the Value box.
See our documentation for more information.
Summing it up
Make your developers and your security team happy by making Liquibase even easier and safer to use. It’s completely free to try out Liquibase environment variables by grabbing a 30-day trial of Liquibase Pro. No credit card necessary. No strings. Just a happier dev team and reduced risk of sensitive data getting saved to your repo.