Install Liquibase Secure with Homebrew

Last updated: November 18, 2025

This workflow installs Liquibase Secure, installs Liquibase as a cask in your homebrew-cask repository, and provides theliquibase command line tool.

Critical change for Liquibase Secure 5.0 + users: If you are an existing Liquibase Secure user, the brew install liquibase formula may still exist from versions before Liquibase 4.33, but the command will not install Liquibase 5.x +. To access the Liquibase Secure features, you must use brew install --cask liquibase-secure to maintain enterprise functionality when upgrading to 5.x. Please refer to the table below to understand what command you should use as a Secure user. As of Liquibase 5.0, Homebrew requires separate distributions for the Community and Secure editions. These are installed as Homebrew Casks, not formulas, because they are pre-compiled binary distributions.

Edition

Command

Notes

Liquibase Community

brew install liquibase

Installs OSS version only

Liquibase Secure

brew install --cask liquibase-secure

Installs enterprise version (Liquibase Secure 5.0+)

Before you begin

Confirm that Java is installed. If you use the Liquibase Installer, Java is included automatically.

Procedure

1

Install Homebrew

Install Homebrew if it is not already installed on your machine.

To check whether it's already installed, run the following command in your terminal:

brew --version

If Homebrew is installed, the version number will be returned. If not, you'll see a message indicating the command was not found, and you should troubleshoot the Homebrew installation.

2

Run brew install --cask liquibase-secure

In your command line, run the following command:

brew install --cask liquibase-secure

Note: If Homebrew is not in your path, you'll need to update your shell's configuration file to include it, which will cause Liquibase to be included. If needed, you can follow the post-installation steps provided by Homebrew to set this up.

3

Apply your Liquibase Secure license key.

Using a Secrets Management tool like Hashicorp Vault or AWS Secrets Manager is best to keep Liquibase license keys secure.

There are several ways to apply the Liquibase Secure license key:

Include the Liquibase Secure license key in the Liquibase properties file and save it.

For example:

liquibase.licenseKey: aei76ou32thp785463214

Pass the Liquibase Secure license key as a parameter in the command line during runtime:

liquibase --license-key=[paste the Liquibase Secure license key] [command]

For example:

liquibase --license-key=aei76ou32thp785463214 update

Set the Liquibase Secure license key as an environment variable in the command line.

On Windows:

set LIQUIBASE_LICENSE_KEY=aei76ou32thp785463214

On Linux/macOS:

export LIQUIBASE_LICENSE_KEY=aei76ou32thp785463214

Set the Liquibase Secure license key with the JAVA_OPTS Environment Variable in the command line:

JAVA_OPTS="Dliquibase.licenseKey=<enter license key here>"

Pass the Liquibase Secure license key while using a Docker container. Docker allows the use of --env in the command.

docker run --env LIQUIBASE_LICENSE_KEY=<enter license key here>... \ -it liquibase/liquibase-secure:latest sh

If you use Maven, include the Liquibase Secure license key in the <properties> section of your pom.xml file:

<liquibaseLicenseKey>key-goes-here</liquibaseLicenseKey/>

For example:

<plugin> <groupId>org.liquibase</groupId> <artifactId>liquibase-commercial-maven-plugin</artifactId> <version>0-SNAPSHOT</version> <configuration> <changelogFile>com/example/changelog_v4.6.xml</changelogFile> <liquibaseLicenseKey>key-goes-here</liquibaseLicenseKey> </configuration> </plugin>

Note: In older versions of Liquibase, you must use the syntax <liquibaseProLicenseKey> instead of <liquibaseLicenseKey>.

If you use Azure DevOps and pass your license key as an environment variable, you can set the value of LIQUIBASE_LICENSE_KEY in your Azure DevOps pipeline setting file:

script: | echo "Running Policy Checks" liquibase checks run --changeLogFile=mysqlChangelog.xml displayName: 'Run Policy Checks' env: LIQUIBASE_LICENSE_KEY: $(LiquibaseKey)

In this example, LiquibaseKey is the name of the Azure DevOps project variable whose value is the license key.

You can directly embed your Liquibase Secure license key (myProLicenseKey) in a custom Java application by following these steps:

  1. In your Maven pom.xml file, point to liquibase-commercial.jar as a dependency: <dependency> <groupId>org.liquibase</groupId> <artifactId>liquibase-commercial</artifactId> <version>4.33.0</version> </dependency>

  2. In your custom Java file, import the following: import com.datical.liquibase.ext.config.LiquibaseLabsConfiguration;

  3. In your custom Java file, call on the LiquibaseLabsConfiguration class. For example, to specify your license key so that you can run the Liquibase Secure update-one-changeset command: Scope.child(LiquibaseLabsConfiguration.LICENSE_KEY.getKey(), "myProLicenseKey", () -> new CommandScope(UpdateOneChangeSetSqlCommandStep.COMMAND_NAME) .addArgumentValue(DbUrlConnectionArgumentsCommandStep.DATABASE_ARG, liquibase.getDatabase()) .addArgumentValue(DatabaseChangelogCommandStep.CHANGELOG_FILE_ARG, "/db_schema/changelog.xml") .addArgumentValue(UpdateOneChangeSetCommandStep.CHANGESET_AUTHOR_ARG, "fl") .addArgumentValue(UpdateOneChangeSetCommandStep.CHANGESET_ID_ARG, "1") .addArgumentValue(UpdateOneChangeSetCommandStep.CHANGESET_PATH_ARG, "/db_schema/changelog.xml") .execute() );

For information on running Liquibase commands in Java files, see liquibase.command.CommandScope.