Microsoft SQL Server Connection
Learn how to configure a Microsoft SQL Server Connection for Hanzo KMS.
Hanzo KMS supports connecting to Microsoft SQL Server using database principals.
Configure a Microsoft SQL Server Principal for Hanzo KMS
Hanzo KMS recommends creating a designated server login and database user in your Microsoft SQL Server database for your connection.
-- Create login at the server level
CREATE LOGIN [kms_app] WITH PASSWORD = 'my-password';
-- Grant server-level connect permission
GRANT CONNECT SQL TO [kms_app];
-- If you intend to use Platform Managed Credentials (see below)
GRANT ALTER ANY LOGIN TO [kms_app];
-- Switch to the specific database where you want to create the user
USE my_database;
-- Create the database user mapped to the login
CREATE USER [kms_app] FOR LOGIN [kms_app];Depending on how you intend to use your Microsoft SQL Server connection, you'll need to grant one or more of the following permissions.
To learn more about Microsoft SQL Server's permission system, please visit their documentation.
For Secret Rotations, your Hanzo KMS user will require the ability to alter other logins' passwords:
GRANT ALTER ANY LOGIN TO kms_login;You'll need the following information to create your Microsoft SQL Server connection:
host- The hostname or IP address of your Microsoft SQL Server serverport- The port number your Microsoft SQL Server server is listening on (default: 1433)database- The name of the specific database you want to connect tousername- The username of the login created in the steps abovepassword- The password of the login created in the steps abovesslCertificate(optional) - The SSL certificate required for connection (if configured)
If you are self-hosting Hanzo KMS and intend to connect to an internal/private IP address, be sure to set the ALLOW_INTERNAL_IP_CONNECTIONS environment variable to true.
Create Connection in Hanzo KMS
-
Navigate to the Integrations tab in the desired project, then select App Connections.
-
Select the Microsoft SQL Server Connection option.
-
Select the Username & Password method option and provide the details obtained from the previous section and press Connect to Microsoft SQL Server.
Optionally, if you'd like Hanzo KMS to manage the credentials of this connection, you can enable the Platform Managed Credentials option. If enabled, Hanzo KMS will update the password of the connection on creation to prevent external access to this database role.
- Your Microsoft SQL Server Connection is now available for use.
To create a Microsoft SQL Server Connection, make an API request to the Create Microsoft SQL Server Connection API endpoint.
Optionally, if you'd like Hanzo KMS to manage the credentials of this connection, you can set the isPlatformManagedCredentials option to true.
If enabled, Hanzo KMS will update the password of the connection on creation to prevent external access to this database role.
Sample request
curl --request POST \
--url https://app.kms.hanzo.ai/api/v1/app-connections/mssql \
--header 'Content-Type: application/json' \
--data '{
"name": "my-mssql-connection",
"method": "username-and-password",
"projectId": "7ffbb072-2575-495a-b5b0-127f88caef78",
"isPlatformManagedCredentials": true,
"credentials": {
"host": "123.4.5.6",
"port": 1433,
"database": "default",
"username": "kms_login",
"password": "my-password",
"sslEnabled": true,
"sslRejectUnauthorized": true
},
}'Sample response
{
"appConnection": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "my-mssql-connection",
"projectId": "7ffbb072-2575-495a-b5b0-127f88caef78",
"version": 1,
"orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"app": "mssql",
"method": "username-and-password",
"isPlatformManagedCredentials": true,
"credentials": {
"host": "123.4.5.6",
"port": 1433,
"database": "default",
"username": "kms_login",
"sslEnabled": true,
"sslRejectUnauthorized": true
}
}
}How is this guide?
Last updated on