使用 Azure 虚拟机系统分配的托管标识来访问 Azure SQL 从 Z70530184AD4679A

Question

I need to run some bulk operations overnight on an azure sql database.

I have a PowerShell script which uses invoke-sql commands using sql credentials for a service account. Here's an example:

$params = @{
      'Database' = 'test-db'
      'ServerInstance' = 'my-db.database.windows.net'
      'Username' = 'service_account'
      'Password' = 'my exposed password'
      'OutputSqlErrors' = $true
      'Query' = 'SELECT top 10 * FROM dbo.CaseHistory'
}
Invoke-Sqlcmd @params

I want to set this up as a windows scheduled task to run from my VM each night however I don't like having the SQL credentials there in the PowerShell script.

The VM in question has a system-assigned managed identity which I'm already using to access blob storage.

I've already set up a sql user for this identity in azure sql:

CREATE USER [myVmName] FROM EXTERNAL PROVIDER

And I've granted all the required permissions.

How do I use the managed identity from the PowerShell script?

PS I'm not precious about sticking with Invoke-Sqlcmd.

Answer 1

Congratulations Twisted have found the solution:

"I found this page with a section right at the bottom on using PowerShell with managed identities: Tutorial: Use a Windows VM system-assigned managed identity to access Azure SQL "

I help him post it as answer and this can be beneficial to other community members.