Spring Boot makes database migration with Flyway or Liquibase almost effortless - but by default it will use the
spring.datasource.*
credentials when running the migrations, which kinda suggests that this user should have
ALL PRIVILEGES
on the schema. This is risky, because... well if you find this page, you probably familiar
with poor little Bobby Tables
.
Spring Boot also makes it possible to configure separate credentials for running database migrations with the
spring.flyway.*
or spring.liquibase.*
properties.
I prefer app credetials this way: an app owner
with ALL PRIVILEGES
to run the migrations and an app user
with least privileges, mostly CRUD
or some limited EXECUTE
for the app itself.