
Why does jOOQ want you to check your database username and password into git?


I'm trying to set up my first jOOQ project. I have a schema set up, and I need to do the code generation from it.

Obviously, the code generator needs access to the database so it can query it.

Unfortunately, it seems the database username and password need to be hard-coded in the configuration file.

What?!

I'm not checking my database password, any database password, into git!

First, because the source code for this application is publicly available on GitHub.

Second, because I'm a professional and I don't deviate from the professional approach to software development for anything.

Is the only way to do this really to check your DB password into git, omit the entire configuration file from git, or deal with local changes, and the potential for disaster if they ever get committed?


Solution

  • It's great to see that you're not going to blindly check your username and password into git. But I'm not sure why you think that jOOQ "wants you" to do that. Nothing in jOOQ or the jOOQ manual suggests you should do that.

    You're probably referring to the code generation configuration sections of the manual? E.g.

    <jdbc>
        <driver>oracle.jdbc.OracleDriver</driver>
        <url>jdbc:oracle:thin:@[your jdbc connection parameters]</url>
        <user>[your database user]</user>
        <password>[your database password]</password>
    </jdbc>
    

    But this is just ordinary Maven configuration XML, so you can easily use ${db.user} and ${db.password} system properties. Or environment variables. Those are Maven features, not jOOQ ones. Gradle has similar capabilities.

    In addition to that, jOOQ supports passing these values as system properties, independently of Maven/Gradle:

    • -Djooq.codegen.jdbc.user (string): The JDBC user name to use for JDBC connection based code generation
    • -Djooq.codegen.jdbc.password (string): The JDBC password to use for JDBC connection based code generation

    You can also configure the code generator programmatically, in which case you're completely free to choose any mechanism of passing username/password to your code generation setup that you want.

    Also, keep in mind that one of the recommended approaches to generating code is to use testcontainers, in which case username and password are irrelevant, making this setup much simpler.

    As you can see, there are tons of options, none of which suggests that jOOQ wants you to do the bad thing.
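
The programmatic route the answer mentions, sketched as an added example (not part of the original answer or of the jOOQ project's own code): the generator is driven from a small Java class that takes the JDBC URL, user and password from environment variables, so nothing secret is stored in the repository. The variable names `JOOQ_JDBC_URL`, `JOOQ_JDBC_USER` and `JOOQ_JDBC_PASSWORD`, the schema, the package name and the output directory are assumptions; the Oracle driver matches the manual snippet quoted above.

```java
import org.jooq.codegen.GenerationTool;
import org.jooq.meta.jaxb.Configuration;
import org.jooq.meta.jaxb.Database;
import org.jooq.meta.jaxb.Generator;
import org.jooq.meta.jaxb.Jdbc;
import org.jooq.meta.jaxb.Target;

public class GenerateJooq {

    // Read a required setting from the environment. Fails before any
    // connection attempt and reports only the variable name, never its value.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names; set them in the developer shell or CI secret store.
        Jdbc jdbc = new Jdbc()
            .withDriver("oracle.jdbc.OracleDriver")
            .withUrl(requireEnv("JOOQ_JDBC_URL"))
            .withUser(requireEnv("JOOQ_JDBC_USER"))
            .withPassword(requireEnv("JOOQ_JDBC_PASSWORD"));

        Configuration configuration = new Configuration()
            .withJdbc(jdbc)
            .withGenerator(new Generator()
                .withDatabase(new Database()
                    .withName("org.jooq.meta.oracle.OracleDatabase")
                    .withInputSchema("APP_SCHEMA"))            // hypothetical schema
                .withTarget(new Target()
                    .withPackageName("com.example.generated")  // hypothetical package
                    .withDirectory("target/generated-sources/jooq")));

        // Connects with the credentials above and writes the generated classes.
        GenerationTool.generate(configuration);
    }
}
```

This class contains no secrets and can be committed as-is; a database account limited to reading the schema metadata keeps the exposure small if the environment values ever leak.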