Skip to content

Reading DATABASE_URL from .env files implicitly can be very dangerous/potentially destructive #3722

Closed
@benwilber

Description

@benwilber

I have found these related issues/pull requests

Somewhat related to #3061

Description

$ sqlx migrate run --help
Run all pending migrations
...
  -D, --database-url <DATABASE_URL>
          Location of the DB, by default will be read from the DATABASE_URL env var or `.env` files
...

sqlx cli reads DATABASE_URL from .env files implicitly which can be very dangerous and potentially destructive when running database commands against different environments (prod, staging, dev, etc.)

It is easy to accidentally run a migrate run/revert against a database that you did not intend to just by accidentally being in the wrong directory. Is it not sufficient for the developer to use something like dotenv, foreman, etc. like they normally do to explicitly load their .env files into the environment when running sqlx commands? This is much safer and less surprising. "Principle of Least Surprise" and all that.

Reproduction steps

Run an sqlx migrate command whilst in a directory with a .env file pointing to a server different than the one you thought (maybe you just changed directories, or are working in a script).

SQLx version

sqlx-cli 0.7.4

Enabled SQLx features

"chrono", "postgres", "runtime-tokio"

Database server and version

PG 14

Operating system

macOS

Rust version

rustc 1.84.0 (9fc6b4312 2025-01-07)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions