Azure AD/Entra authentication for passwordless connection to HASURA_GRAPHQL_DATABASE_URL using postgres databases #10228
Labels
k/enhancement
New feature or improve an existing feature
s/triaged
This has been reviewed by Hasura
v2
Is your proposal related to a problem?
When deploying Hasura on azure as either a container app or a Kubernetes deployment, we still have to have a username and password when connecting to postgres databases. Adding support for hasura to initialize the GRAPHQL and METADATA DBs using azure Managed Identities or Workload Identity for passwordless connections.
This would greatly simplify management of local users and passwords and their lifecycle while also improving on security.
Describe the solution you'd like
native support for Azure AD authentication using DefaultCredential (supports Workload Identity, System Assigned managed identity, azure cli, etc) for the database connection.
Describe alternatives you've considered
Proxy application that hasura connects to and handles the azure AD token lifecycle instead of hasura.
Sidecar container that writes the connectionstring to a file and refreshes it every x minutes that the hasura contrainer reads with the dynamic-file
The text was updated successfully, but these errors were encountered: