Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can I connect to an Azure SQL database using a managed identity? #93

Closed
mabster opened this issue Apr 25, 2022 · 2 comments · Fixed by #100
Closed

Can I connect to an Azure SQL database using a managed identity? #93

mabster opened this issue Apr 25, 2022 · 2 comments · Fixed by #100
Labels
idle Inactive for 14 days v2-candidate

Comments

@mabster
Copy link

mabster commented Apr 25, 2022

If I have an Azure App Service with a managed identity, I can give it db_datareader/db_datawriter access to my database like this:

CREATE USER [$appName] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [$appName];
ALTER ROLE db_datawriter ADD MEMBER [$appName];

(Where $appName is the name of the managed identity service principal.)

I can then connect to that database from the app service with a connection string like this:

Server=myserver.database.windows.net,1433;Initial Catalog=mydatabase;Authentication=Active Directory Default

Now, I've just learned that I can give my Azure SQL Server its own managed identity, and I'd love to be able to perform database actions (e.g. Entity Framework migrations) using that instead of maintaining an MSSQL user/password as the database owner.

Would it be possible to integrate this action with azure/login in such a way that the connection string can use the Authentication=Active Directory Default trick to connect using the service principal you've already logged in with? Or maybe you can think of an even easier way to pull this off.

This is all in the spirit of not having to store passwords anywhere. This way I wouldn't even need to store my db_owner password as a GitHub secret.

Thanks!

@mabster mabster added the need-to-triage Requires investigation label Apr 25, 2022
@mabster mabster changed the title Can I connec to an Azure SQL database using a managed identity? Can I connect to an Azure SQL database using a managed identity? Apr 26, 2022
@github-actions
Copy link

This issue is idle because it has been open for 14 days with no activity.

@zijchen
Copy link
Contributor

zijchen commented Jun 27, 2022

Support for this is added in v2

@zijchen zijchen closed this as completed Jun 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
idle Inactive for 14 days v2-candidate
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants