Skip to content

Microsoft SQL Server (MSSQL) or Azure SQLΒΆ

Pre-requisitesΒΆ

To create an Instance Secret for securing MSSQL or Azure SQL credentials, you must have the following information:

Access Permissions in DataOSΒΆ

To create an Instance Secret in DataOS, at least one of the following role tags must be assigned:

  • roles:id:data-dev

  • roles:id:system-dev

  • roles:id:user

Checking Assigned Roles

Use the following command to verify assigned roles:

dataos-ctl user get

If any required roles are missing, contact a DataOS Operator or submit a Grant Request for role assignment.

Alternatively, if access is managed through use cases, ensure the following use case is assigned:

  • Manage All Instance-level Resources of DataOS in User Layer

    To validate assigned use cases, refer to the Bifrost Application Use Cases section

    Metis UI
    Bifrost Governance

Source System RequirementsΒΆ

  • Username: The MSSQL username used to authenticate and access your MSSQL database. You can retrieve this from the MsSQL database admin by asking them to provide the username for your account.

  • Password: The password associated with the MSSQL username for authentication. You can obtain this from the MSSQL database admin, or if the password is already set, you will need to securely retrieve it.

Ensure you have these credentials ready before proceeding with the Instance Secret creation process.

Create an Instance Secret for securing MSSQL or Azure SQL credentialsΒΆ

Microsoft SQL Server (MSSQL) is a SQL database. Azure SQL, the cloud-based managed version of MSSQL, offers similar functionality but is optimized for cloud scalability, automated maintenance, and high availability. While MSSQL requires manual setup and management, Azure SQL provides a fully managed service, reducing administrative overhead.

To create an MSSQL or Azure SQL Instance Secret in DataOS, ensure you have access to the DataOS Command Line Interface (CLI) and the required permissions. Follow the steps below to complete the creation process efficiently and securely.

Step 1: Create a manifest fileΒΆ

Begin by creating a manifest file to hold the configuration details for your MSSQL Instance Secret. Depending on your access needs (read-only or read-write), start with the corresponding YAML template provided below.

name: ${mssql-depot-name}-r # Unique identifier for Resource, replace ${mssql-depot-name} with depot name
version: v1 # Manifest version
type: instance-secret # Type of the Resource
description: ${description} # Purpose of the Instance-secret
layer: user # DataOS layer
instance-secret:
type: key-value-properties # Secret type
acl: r # Access control: 'r' for read-only
data:
    username: ${username} # replace with MSSQL or Azure SQL username
    password: ${password} # replace with MSSQL or Azure SQL password

name: ${mssql-depot-name}-rw # Unique identifier for Resource, replace ${mssql-depot-name} with depot name
version: v1 # Manifest version
type: instance-secret # Type of the Resource
description: ${description} # Purpose of the Instance-secret
layer: user # DataOS layer
instance-secret:
type: key-value-properties # Secret type
acl: rw # Access control: 'rw' for read-write
data:
    username: ${username} # replace with MSSQL or Azure SQL username
    password: ${password} # replace with MSSQL or Azure SQL password

Resource meta section

The Instance Secret manifest includes a Resource meta section with essential metadata attributes common to all resource types. Some attributes in this section are optional, while others are mandatory. For more details, refer to the configurations section.

Instance-secret specific section

This section focuses on attributes specific to MSSQL or Azure SQL Instance Secrets. It includes details like:

  • type: Specifies the Instance Secret type (key-value-properties).

  • acl: Access control level (read-only or read-write).

  • data: Contains sensitive information such as Azure endpoint suffix, storage account key, and storage account name.

For more information, refer to the configurations section.

Step 2: Apply the manifestΒΆ

To create the MSSQL Instance Secret within DataOS, use the apply command. Since Instance Secrets are Instance-level resources, do not specify a workspace while applying the manifest.

dataos-ctl resource apply -f ${manifest-file-path}

dataos-ctl apply -f ${manifest-file-path}

dataos-ctl resource apply -f depot_secret.yaml
Example usage:
$ dataos-ctl apply -f depot_secret.yaml
INFO[0000] πŸ›  apply...                                   
INFO[0000] πŸ”§ applying depotsecret-r:v1:instance-secret... 
INFO[0004] πŸ”§ applying depotsecret-r:v1:instance-secret...created 
INFO[0004] πŸ›  apply...complete

Step 3: Validate the Instance SecretΒΆ

To validate the proper creation of the Instance Secret in DataOS, use the get command.

dataos-ctl resource get -t instance-secret

INFO[0000] πŸ” get...                                     
INFO[0000] πŸ” get...complete                             

        NAME     | VERSION |      TYPE       | WORKSPACE | STATUS |  RUNTIME  |  OWNER             
-----------------|---------|-----------------|-----------|--------|-----------|------------------------------
    depotsecret | v1      | instance-secret |           | active |           | iamgroot

To get the list of all the Instance Secret within the Dataos environment execute the following command.

dataos-ctl resource get -t instance-secret -a

dataos-ctl resource get -t instance-secret -a
INFO[0000] πŸ” get...                                     
INFO[0000] πŸ” get...complete                             

            NAME            | VERSION |      TYPE       | WORKSPACE | STATUS | RUNTIME |         OWNER          
-----------------------------|---------|-----------------|-----------|--------|---------|------------------------
abfssv2alpha-r             | v1      | instance-secret |           | active |         | iamgroot       
abfssv2alpha-rw            | v1      | instance-secret |           | active |         | iamgroot       
abfsswithoutmetastore-r    | v1      | instance-secret |           | active |         | thisisthor              
abfsswithoutmetastore-rw   | v1      | instance-secret |           | active |         | thisisthor

Alternatively, you can also check on Metis UI by searching the Instance Secret by name.

Metis UI
Metis UI

Delete the Instance SecretΒΆ

To delete an Instance Secret, use one of the following methods:

Method 1ΒΆ

Specify the Resource type and Instance Secret name in the delete command.

dataos-ctl resource delete -t ${resource-type} -n ${resource-name}

dataos-ctl delete -t ${resource-type} -n ${resource-name}

dataos-ctl resource delete -t instance-secret -n sampleinstsecret
Expected output:
dataos-ctl delete -t instance-secret -n sampleinstsecret
INFO[0000] πŸ—‘ delete...                                  
INFO[0000] πŸ—‘ deleting sampleinstsecret:instance-secret...deleted
INFO[0000] πŸ—‘ delete...complete

Method 2ΒΆ

Copy the Instance Secret name, version, and Resource-type from the output of the get command separated by '|' enclosed within quotes and use it as a string in the delete command.

dataos-ctl resource delete -i "${resource-name|version|resource-type}"

dataos-ctl delete -i "${resource-name|version|resource-type}"

dataos-ctl delete -i "sfdepot01-r | v1      | instance-secret | public   "
INFO[0000] πŸ—‘ delete...                                  
INFO[0000] πŸ—‘ deleting sfdepot01-r:v1:instance-secret... 
INFO[0000] πŸ—‘ deleting sfdepot01-r:v1:instance-secret...deleted 
INFO[0000] πŸ—‘ delete...complete

Method 3ΒΆ

Specify the path of the manifest file and use the delete command.

dataos-ctl resource delete -f ${manifest-file-path}

dataos-ctl delete -f ${manifest-file-path}

dataos-ctl delete -f /home/desktop/connect-city/instance_secret.yaml
Expected output:
INFO[0000] πŸ—‘ delete...                                  
INFO[0000] πŸ—‘ deleting sampleinstsecret:instance-secret...deleted
INFO[0000] πŸ—‘ delete...complete
Was this page helpful?