Skeema v1.6.0 released

November 12, 2021

Skeema v1.6.0 is now available! This release adds new SSL / TLS options; premium improvements for routines, views, and triggers such as definer stripping; and new builds for M1 Macs and packages for Alpine Linux.

SSL / TLS options

By default, Skeema will use an encrypted connection whenever the database server supports one, or an unencrypted connection if not. This behavior can now be easily configured with the new ssl-mode option. This option can be used to strictly always require an encrypted connection, in situations where a fatal error is preferable to an unencrypted connection. Or, for situations where the link is already encrypted (such as an SSH tunnel), this option may be used to disable encryption entirely and avoid the latency penalty of unnecessary double-encryption.

Several additional new options relating to encrypted connections are only available in the Premium edition of the Skeema CLI:

  • ssl-cert and ssl-key may be specified to supply client-side public and private keys, permitting connection via a user configured with the REQUIRE X509, REQUIRE ISSUER, and/or REQUIRE SUBJECT attributes on the server side.
  • ssl-ca may be specified to supply a Certificate Authority (CA) file, which is used to verify the server, helping to prevent man-in-the-middle attacks.
  • ssl-mode=verify_identity may be enabled to perform a stricter CA check which includes verification of the server’s hostname. (For purposes of compatibility with MariaDB and older MySQL clients, this behavior can also be enabled using the equivalent ssl-verify-server-cert option.)
  • Even if the server does not support SSL/TLS, server-public-key-path can be used to permit secure password exchange under certain MySQL auth plugins.

These options are all designed to match the names and behavior of their corresponding mysql command-line client options. This means if you’ve already configured them in your ~/my.cnf file, Skeema will pick up these settings automatically by default.

Improvements for routines, views, and triggers

The Premium edition of the Skeema CLI now includes several new enhancements for stored procedures, functions, views, and triggers:

  • The new strip-definer option removes DEFINER clauses from *.sql files, and ignores them in diff operations. By default, it is automatically enabled whenever Skeema’s database user connection does not have SUPER permissions to manipulate definers, such as on AWS RDS or GCP CloudSQL. It is also useful for companies who give each developer their own database user, or situations where users differ between dev/stage/prod environments.

  • Three new “ignore” global regex options flesh out support for all object types: this release adds ignore-proc, ignore-func, and ignore-view. You may use these options to have flexible fine-grained control over objects to ignore – or even ignore all objects of a given type if you wish, either permanently in option files, or just as-needed using command-line overrides. For example, skeema push --ignore-view=. allows you to skip all views just in one specific skeema push operation.

  • In MariaDB, when modifying an existing stored procedure or function, MariaDB’s CREATE OR REPLACE syntax is now used automatically. Since this operation permits modifying a routine in a single statement, it is not considered an unsafe action.

New builds and packages

A native 64-bit ARM MacOS build of the Skeema CLI is now provided for recent Macs with Apple Silicon (M1) CPUs. For Community Edition users of Homebrew, the correct architecture build is selected automatically by brew. Additionally, special care has been taken with Skeema’s workspace=docker on ARM, to ensure only native ARM database container images are used. This provides exceptional performance and stability by avoiding the need for x86 emulation.

For Alpine Linux users, an APK package of the Skeema CLI is now provided. This is especially useful in custom Dockerfiles, when building small Alpine-based containers.

New premium subscription plans

A new product tier, Skeema Max, is now available! Designed for medium to large companies, this new subscription offering supplements the Skeema Premium CLI functionality with a technical support plan, fewer license restrictions, and no sharding limitations.

All subscription products – Skeema Plus, Skeema Max, and Skeema Cloud Linter – may now be purchased as either monthly or annual subscriptions. Annual plans receive one month free, an 8% discount. Subscribers may modify the choice of product tier or subscription interval at any time via the Manage Billing link of the product portal; any changes take effect right away, with a proration or credit balance applied as appropriate for your current billing period.