Use a managed identity to connect Azure SQL Database to an Azure Spring Cloud app
This article applies to: ✔️ Java
This article shows you how to create a managed identity for an Azure Spring Cloud app and use it to access Azure SQL Database.
Azure SQL Database is the intelligent, scalable, relational database service built for the cloud. It’s always up to date, with AI-powered and automated features that optimize performance and durability. Serverless compute and Hyperscale storage options automatically scale resources on demand, so you can focus on building new applications without worrying about storage size or resource management.
Prerequisites
- Follow the Spring Data JPA tutorial to provision an Azure SQL Database and get it working with a Java app locally
- Follow the Azure Spring Cloud system-assigned managed identity tutorial to provision an Azure Spring Cloud app with MI enabled
Grant permission to the Managed Identity
Connect to your SQL server and run the following SQL query:
CREATE USER [<MIName>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<MIName>];
ALTER ROLE db_datawriter ADD MEMBER [<MIName>];
ALTER ROLE db_ddladmin ADD MEMBER [<MIName>];
GO
<MIName> follows the rule <service instance name>/apps/<app name>, for example myspringcloud/apps/sqldemo. You can also query the MIName with Azure CLI:
az ad sp show --id <identity object ID> --query displayName
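The grant batch above takes the identity's display name as a bracket-quoted T-SQL identifier, so any tooling that generates it from the name returned by az ad sp show should validate the name and escape it rather than paste it in. The following Java class is an added example, not code from the article or from Azure Spring Cloud: it checks that the name has the <service instance name>/apps/<app name> shape (the allowed character set is an assumption), doubles any closing bracket inside the identifier, emits the same three role grants the article uses, and also produces a read-only query against sys.database_principals and sys.database_role_members that a DBA can run afterwards to confirm the user exists and holds exactly those roles.

```java
import java.util.List;
import java.util.regex.Pattern;

/**
 * Added example (not part of the original article): builds the T-SQL grant
 * batch for an Azure Spring Cloud managed identity and a verification query.
 */
public final class ManagedIdentityGrant {

    // Display name shape used by the article: <service instance name>/apps/<app name>.
    // The allowed character set (letters, digits, '-') is an assumption for this example.
    private static final Pattern MI_NAME =
            Pattern.compile("^[A-Za-z0-9-]+/apps/[A-Za-z0-9-]+$");

    // Roles granted in the article. db_ddladmin is only needed while JPA manages the schema.
    private static final List<String> ROLES =
            List.of("db_datareader", "db_datawriter", "db_ddladmin");

    /** Quote a T-SQL identifier in brackets, doubling any ']' that appears inside it. */
    static String bracketQuote(String identifier) {
        return "[" + identifier.replace("]", "]]") + "]";
    }

    /** Quote a T-SQL string literal, doubling embedded single quotes. */
    static String stringLiteral(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    /** True when the name matches the expected managed identity display name shape. */
    static boolean isValidMiName(String miName) {
        return miName != null && MI_NAME.matcher(miName).matches();
    }

    /** Build the CREATE USER / ALTER ROLE batch from the article for one identity. */
    static String buildGrantBatch(String miName) {
        if (!isValidMiName(miName)) {
            throw new IllegalArgumentException("unexpected managed identity name: " + miName);
        }
        String user = bracketQuote(miName);
        StringBuilder sql = new StringBuilder();
        sql.append("CREATE USER ").append(user).append(" FROM EXTERNAL PROVIDER;\n");
        for (String role : ROLES) {
            sql.append("ALTER ROLE ").append(role)
               .append(" ADD MEMBER ").append(user).append(";\n");
        }
        sql.append("GO\n");
        return sql.toString();
    }

    /** Read-only query listing the database user and every role it is a member of. */
    static String buildVerifyQuery(String miName) {
        if (!isValidMiName(miName)) {
            throw new IllegalArgumentException("unexpected managed identity name: " + miName);
        }
        return "SELECT u.name AS user_name, u.type_desc, r.name AS role_name\n"
             + "FROM sys.database_principals AS u\n"
             + "LEFT JOIN sys.database_role_members AS m ON m.member_principal_id = u.principal_id\n"
             + "LEFT JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id\n"
             + "WHERE u.name = " + stringLiteral(miName) + ";\n";
    }

    public static void main(String[] args) {
        // Constructed sample name, matching the shape of the article's example.
        String miName = "myspringcloud/apps/sqldemo";
        System.out.print(buildGrantBatch(miName));
        System.out.print(buildVerifyQuery(miName));
    }
}
```

Run the grant batch once as a server administrator, then the verification query as the same principal; if the identity appears with type_desc EXTERNAL_USER and exactly the three role names, the grant step is complete.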
Configure your Java app to use Managed Identity
Open the src/main/resources/application.properties file and add Authentication=ActiveDirectoryMSI; at the end of the following line. Be sure to use the correct value for the $AZ_DATABASE_NAME variable.
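Once the app authenticates with its managed identity, the datasource configuration should carry no stored credential at all, and that is easy to check before a build. The Java class below is an added example, not code from the article or from Spring; it assumes the standard Spring Boot key spring.datasource.url holds the JDBC URL (the article's own line is not shown above), parses the properties text and the ;-separated driver properties in a jdbc:sqlserver URL, and reports whether Authentication=ActiveDirectoryMSI is present, whether encrypt=true is set, and whether a username or password is still configured. The sample properties in main are constructed, with placeholder host and database names.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/**
 * Added example (not part of the original article): checks a Spring datasource
 * configuration for managed-identity authentication before deployment.
 */
public final class DatasourceConfigCheck {

    /** Parse key=value lines of a .properties text; comments and blank lines are skipped. */
    static Map<String, String> parseProperties(String text) {
        Map<String, String> props = new LinkedHashMap<>();
        for (String raw : text.split("\\R")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith("!")) continue;
            int eq = line.indexOf('=');
            if (eq < 0) continue;
            props.put(line.substring(0, eq).trim(), line.substring(eq + 1).trim());
        }
        return props;
    }

    /** Split the ';'-separated driver properties that follow the host part of a jdbc:sqlserver URL. */
    static Map<String, String> parseJdbcProperties(String url) {
        Map<String, String> out = new LinkedHashMap<>();
        int semi = url.indexOf(';');
        if (semi < 0) return out;
        for (String part : url.substring(semi + 1).split(";")) {
            if (part.isBlank()) continue;
            int eq = part.indexOf('=');
            String key = (eq < 0 ? part : part.substring(0, eq)).trim().toLowerCase(Locale.ROOT);
            String value = eq < 0 ? "" : part.substring(eq + 1).trim();
            out.put(key, value);
        }
        return out;
    }

    /** Return findings; an empty list means the configuration relies on the managed identity only. */
    static List<String> check(Map<String, String> props) {
        List<String> findings = new ArrayList<>();
        String url = props.getOrDefault("spring.datasource.url", "");
        if (!url.startsWith("jdbc:sqlserver://")) {
            findings.add("spring.datasource.url is not a jdbc:sqlserver URL");
            return findings;
        }
        Map<String, String> jdbc = parseJdbcProperties(url);
        if (!"ActiveDirectoryMSI".equalsIgnoreCase(jdbc.get("authentication"))) {
            findings.add("Authentication=ActiveDirectoryMSI is missing from the JDBC URL");
        }
        if (!"true".equalsIgnoreCase(jdbc.get("encrypt"))) {
            findings.add("encrypt=true is not set on the JDBC URL");
        }
        if (jdbc.containsKey("user") || jdbc.containsKey("password")) {
            findings.add("JDBC URL still carries user/password properties");
        }
        for (String key : List.of("spring.datasource.username", "spring.datasource.password")) {
            if (props.containsKey(key)) {
                findings.add(key + " is set; a managed identity needs no stored credential");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed samples: host and database names are placeholders, not the article's values.
        String before = String.join("\n",
            "spring.datasource.url=jdbc:sqlserver://example-server.database.windows.net:1433;database=demo;encrypt=true;",
            "spring.datasource.username=dbadmin",
            "spring.datasource.password=placeholder");
        String after = "spring.datasource.url=jdbc:sqlserver://example-server.database.windows.net:1433;"
                     + "database=demo;encrypt=true;Authentication=ActiveDirectoryMSI;";
        System.out.println("before: " + check(parseProperties(before)));
        System.out.println("after:  " + check(parseProperties(after)));
    }
}
```

The "before" configuration yields three findings (missing MSI authentication plus a username and a password still present); the "after" configuration yields none, which is the state to require in a pre-deployment check.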
Build and deploy the app to Azure Spring Cloud
Rebuild the app and deploy it to the Azure Spring Cloud app provisioned in the second bullet point under Prerequisites. Now you have a Spring Boot application, authenticated by a Managed Identity, that uses JPA to store and retrieve data from an Azure SQL Database in Azure Spring Cloud.