Database scoped credential with managed identity

Question

Database scoped credential with managed identity

Pythonista 5

Hi,

I'm trying to create scoped credentials for our SQL Serverless database, with our managed identity. I'm getting the following error when creating the credentials. Can someone help or explain how we can fix this?

Thank you in advance!

User's image

GeethaThatipatri-MSFT 29,587 Reputation points Microsoft Employee Moderator

2023-08-28T15:53:42.85+00:00

Hi @Pythonista Thanks for posting your question in Microsoft Q&A forum

Looks like you're trying to use a user-assigned managed identity can you please confirm?

Regards

Geetha
Oury Ba-MSFT 21,126 Reputation points Microsoft Employee Moderator

2023-08-29T18:42:46.13+00:00

@Pythonista Did you had the chance to check my above suggestion.

Please let me know if you were able to sort this out.

Regards,

Oury
Jasmer 0 Reputation points

2023-09-12T14:28:56.34+00:00

Yes, how do we do this via User Managed identity, where we don't have access to secret/password?
GeethaThatipatri-MSFT 29,587 Reputation points Microsoft Employee Moderator

2023-09-12T14:45:22.4666667+00:00

@Jasmer I've never tried that, and don't see any documentation that it's supported. I used the system-assigned managed identity, eg

CREATE DATABASE SCOPED CREDENTIAL SynapseIdentity
WITH IDENTITY = 'Managed Identity';

Regards

Geetha

1 answer

Your answer

GeethaThatipatri-MSFT 29,587 Reputation points Microsoft Employee Moderator

2023-08-28T15:53:42.85+00:00

Hi @Pythonista Thanks for posting your question in Microsoft Q&A forum

Looks like you're trying to use a user-assigned managed identity can you please confirm?

Regards

Geetha
Oury Ba-MSFT 21,126 Reputation points Microsoft Employee Moderator

2023-08-29T18:42:46.13+00:00

@Pythonista Did you had the chance to check my above suggestion.

Please let me know if you were able to sort this out.

Regards,

Oury
Jasmer 0 Reputation points

2023-09-12T14:28:56.34+00:00

Yes, how do we do this via User Managed identity, where we don't have access to secret/password?
GeethaThatipatri-MSFT 29,587 Reputation points Microsoft Employee Moderator

2023-09-12T14:45:22.4666667+00:00

@Jasmer I've never tried that, and don't see any documentation that it's supported. I used the system-assigned managed identity, eg

CREATE DATABASE SCOPED CREDENTIAL SynapseIdentity
WITH IDENTITY = 'Managed Identity';

Regards

Geetha

Answer 1

Pythonista

The correct syntax is

CREATE DATABASE SCOPED CREDENTIAL credential_name
WITH IDENTITY = 'identity_name'
    [ , SECRET = 'secret' ]

Before creating a database scoped credential, the database must have a master key to protect the credential. For more information, see CREATE MASTER KEY (Transact-SQL).

When IDENTITY is a Windows user, the secret can be the password. The secret is encrypted using the service master key. If the service master key is regenerated, the secret is re-encrypted using the new service master key.

https://learn.microsoft.com/en-us/sql/t-sql/statements/create-database-scoped-credential-transact-sql?view=sql-server-2017

Regards,

Oury

Share via

Database scoped credential with managed identity

1 answer

Your answer