stackoom
  简体   繁体   中英

Need to supply DB password to run evolutions at run time - Play + Slick

 原文  2019-01-24 00:32:09       database/ playframework/ slick/ hikaricp/ playframework-evolutions

Question

I need to avoid storing plain text passwords in config files, and so I'm storing the Postgres password externally (in AWS Secrets Manager).

Similarly to the solution provided here: Encrypted database password in Play + Slick + HikariCP application , I've been able to override dbConfig and supply the password to my DAO classes like this: 

trait MyDaoSlick extends MyTableDefinitions with HasDatabaseConfig[MyPostgresDriver] {
  protected val dbConfigProvider: DatabaseConfigProvider
  override protected val dbConfig: DatabaseConfig[MyPostgresDriver] = secretDbConfig(dbConfigProvider)
  def secretDbConfig(dbConfigProvider: DatabaseConfigProvider): DatabaseConfig[MyPostgresDriver] = {
    DatabaseConfig.forConfig[MyPostgresDriver]("", dbConfigProvider.get[MyPostgresDriver].config
      .withValue("db.user", ConfigValueFactory.fromAnyRef(getUN))
      .withValue("db.password", ConfigValueFactory.fromAnyRef(getPWD)))
  }
}

This works great for regular DB queries, however evolutions bypass this and still expect the username and the password to be in application.conf, which kind of defeats the purpose of the password being a secret.

Any advice on how evolutions could get the DB credentials from a function?

1 answers

solution1
 0  2019-09-06 15:21:39

I ran into the same issue, and I managed to resolve it like this:

  1. Create a custom application loader, as shown here: https://www.playframework.com/documentation/2.7.x/ScalaDependencyInjection#Advanced:-Extending-the-GuiceApplicationLoader

  2. Inside the custom loader's builder, append the DB configuration parameters for Slick: 

    val extra = Seq(
        "slick.dbs.default.db.url" -> secrets.url,
        "slick.dbs.default.db.user" -> secrets.user,
        "slick.dbs.default.db.password" -> secrets.pass
      )

Nothing else needs to be changed, as you've basically added the configuration needed for anything Slick, evolutions included.

On older versions of Play, we used to do this inside GlobalSettings.onLoadConfig , but, at some point, that has been deprecated in favour of DI. More details here: https://www.playframework.com/documentation/2.7.x/GlobalSettings

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Play, Hibernate and Evolutions Encrypted database password in Play + Slick + HikariCP application Play-slick - Is default.db required? What are the additional expenses in jdbc in addition to the time taken by the db to run the query? Unbelievable difference in SQL query run time between local DB and production Moving data from DB to static files, run time variables Do we need to run flush privileges after changing variable default_password_lifetime in MySQL? What credentials do I need to run from my local host in YugaByte DB? Play Scala Slick transactions Cannot run heroku db:push
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM