I need to run some bulk operations overnight on an azure sql database.
I have a PowerShell script which uses invoke-sql commands using sql credentials for a service account. Here's an example:
$params = @{
'Database' = 'test-db'
'ServerInstance' = 'my-db.database.windows.net'
'Username' = 'service_account'
'Password' = 'my exposed password'
'OutputSqlErrors' = $true
'Query' = 'SELECT top 10 * FROM dbo.CaseHistory'
}
Invoke-Sqlcmd @params
I want to set this up as a windows scheduled task to run from my VM each night however I don't like having the SQL credentials there in the PowerShell script.
The VM in question has a system-assigned managed identity which I'm already using to access blob storage.
I've already set up a sql user for this identity in azure sql:
CREATE USER [myVmName] FROM EXTERNAL PROVIDER
And I've granted all the required permissions.
How do I use the managed identity from the PowerShell script?
P.S. I'm not precious about sticking with Invoke-Sqlcmd.