Guidance on how to do password-less login using Azure Service Principal or Managed Identity

[sivawba]

Issue

We are trying to port a Rails application to Azure cloud and would like to use Azure Service Principal or Managed Identity instead of the database.yml username/password, while connecting to Azure SQL-MI

Is it possible to do this without specifying username/password in database.yml by using access_token from Azure IMDS endpoint as shown here for Python?

Any pointers on how to accomplish this would be greatly helpful. Thanks again for a great library that is helping us move forward with the port.

Expected behavior

Login to Azure SQLServer MI without providing username/password in database.yml

Actual behavior

Not sure how to proceed or whether this can be done

Details

• Rails version: 5.2.3
• SQL Server adapter version: 5.2.0
• TinyTDS version: 2.1.5

• FreeTDS details: 1.1.24

   MS db-lib source compatibility: no
      Sybase binary compatibility: no
                    Thread safety: yes
                    iconv library: yes
                      TDS version: 7.3
                            iODBC: no
                         unixodbc: no
            SSPI "trusted" logins: no
                         Kerberos: no
                          OpenSSL: yes
                           GnuTLS: no
                             MARS: yes

[Michoels]

This isn't supported by FreeTDS yet. I opened an issue for it here

[Michoels]

Update: The azure-blob gem just added support for Entra ID (Managed Identity) in release 0.5.0. So obtaining a valid auth token from Entra ID in Ruby is now a solved problem.

We can't take advantage of that yet, as FreeTDS still does not support Entra ID.

See TinyTDS issue 512