Guidance on how to do password-less login using Azure Service Principal or Managed Identity

[sivawba]

Issue

We are trying to port a Rails application to Azure cloud and would like to use Azure Service Principal or Managed Identity instead of the database.yml username/password, while connecting to Azure SQL-MI

Is it possible to do this without specifying username/password in database.yml by using access_token from Azure IMDS endpoint as shown here for Python?

Any pointers on how to accomplish this would be greatly helpful. Thanks again for a great library that is helping us move forward with the port.

Expected behavior

Login to Azure SQLServer MI without providing username/password in database.yml

Actual behavior

Not sure how to proceed or whether this can be done

Details

• Rails version: 5.2.3

• SQL Server adapter version: 5.2.0

• TinyTDS version: 2.1.5

• FreeTDS details: 1.1.24

     MS db-lib source compatibility: no
        Sybase binary compatibility: no
                      Thread safety: yes
                      iconv library: yes
                        TDS version: 7.3
                              iODBC: no
                           unixodbc: no
              SSPI "trusted" logins: no
                           Kerberos: no
                            OpenSSL: yes
                             GnuTLS: no
                               MARS: yes
  

[Michoels]

This isn't supported by FreeTDS yet.
I opened an issue for it here

[Michoels]

Update:
The azure-blob gem just added support for Entra ID (Managed Identity) in release 0.5.0.
So obtaining a valid auth token from Entra ID in Ruby is now a solved problem.

We can't take advantage of that yet, as FreeTDS still does not support Entra ID.

See TinyTDS issue 512