Can I connect to an Azure SQL database using a managed identity? #93

@mabster

Description

If I have an Azure App Service with a managed identity, I can give it db_datareader/db_datawriter access to my database like this:

CREATE USER [$appName] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [$appName];
ALTER ROLE db_datawriter ADD MEMBER [$appName];

(Where $appName is the name of the managed identity service principal.)

I can then connect to that database from the app service with a connection string like this:

Server=myserver.database.windows.net,1433;Initial Catalog=mydatabase;Authentication=Active Directory Default

Now, I've just learned that I can give my Azure SQL Server its own managed identity, and I'd love to be able to perform database actions (e.g. Entity Framework migrations) using that instead of maintaining an MSSQL user/password as the database owner.

Would it be possible to integrate this action with azure/login in such a way that the connection string can use the Authentication=Active Directory Default trick to connect using the service principal you've already logged in with? Or maybe you can think of an even easier way to pull this off.

This is all in the spirit of not having to store passwords anywhere. This way I wouldn't even need to store my db_owner password as a GitHub secret.

Thanks!
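As an added example (not from the issue author or the azure/login project), one way to get the password-free setup described above from a GitHub Actions job: after `azure/login` has signed in the Azure CLI, `DefaultAzureCredential` (which includes the Azure CLI credential) can fetch a token for Azure SQL and hand it to the ODBC driver instead of relying on the `Authentication=Active Directory Default` keyword. It assumes the `azure-identity` and `pyodbc` packages plus ODBC Driver 18, and that the identity was already granted access with the `CREATE USER ... FROM EXTERNAL PROVIDER` statements; `grant_sql`, `quote_ident` and `pack_access_token` are helper names chosen here.

```python
"""Password-free Azure SQL access for a CI job (added example, not the issue's code).

Assumes: the job already ran azure/login, `azure-identity` and `pyodbc` are
installed with ODBC Driver 18, and the identity has been granted a database user."""
import struct

SQL_SCOPE = "https://database.windows.net/.default"   # token audience for Azure SQL
SQL_COPT_SS_ACCESS_TOKEN = 1256                        # ODBC pre-connect attribute for a bearer token


def quote_ident(name: str) -> str:
    """Bracket-quote a T-SQL identifier; a ']' inside the name must be doubled.
    Needed because the grant in the issue templates the principal name into SQL."""
    return "[" + name.replace("]", "]]") + "]"


def grant_sql(principal: str, roles=("db_datareader", "db_datawriter")) -> str:
    """Build the same grant as the issue, with the identifier safely quoted."""
    ident = quote_ident(principal)
    stmts = [f"CREATE USER {ident} FROM EXTERNAL PROVIDER;"]
    stmts += [f"ALTER ROLE {role} ADD MEMBER {ident};" for role in roles]
    return "\n".join(stmts)


def pack_access_token(token: str) -> bytes:
    """Encode a bearer token the way the ODBC driver expects it:
    UTF-16-LE bytes preceded by a 4-byte little-endian length."""
    raw = token.encode("utf-16-le")
    return struct.pack("<I", len(raw)) + raw


def connect(server: str, database: str):
    """Open a connection using whatever credential azure/login left behind
    (DefaultAzureCredential tries managed identity, Azure CLI, ...)."""
    # Imported here so the pure helpers above work without these packages.
    from azure.identity import DefaultAzureCredential
    import pyodbc

    token = DefaultAzureCredential().get_token(SQL_SCOPE).token
    conn_str = (
        f"Driver={{ODBC Driver 18 for SQL Server}};Server=tcp:{server},1433;"
        f"Database={database};Encrypt=yes;TrustServerCertificate=no;"
    )
    # No user or password anywhere: the token is passed as a connection attribute.
    return pyodbc.connect(conn_str, attrs_before={SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token)})


if __name__ == "__main__":
    print(grant_sql("my-app-identity"))  # the T-SQL to run once as the database admin
```

The SQL from `grant_sql` is run once by an administrator; the CI job itself only calls `connect`, so the only secret in the pipeline is the short-lived token minted at run time.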
