Step 5: Use a Connect Identifier Containing Azure App Configuration Store Values

8.3.1.6 Step 5: Use a Connect Identifier Containing Azure App Configuration Store Values

Use the Azure App Configuration name, key path, and Azure authentication parameters in a database client connection identifier.

Syntax:

config-azure://{appconfig-name}[?key=prefix&label=value&option1=value1&option2=value2...]

The syntax details are:

Syntax Element	Description
`config-azure:// {appconfig-name}`	Name of your Azure App Configuration store.
`key=prefix`	Prefix of your key, without the `connect_descriptor` suffix in Azure App Configuration.
`label=value`	Label to be used for the connect descriptor. Labels are used to differentiate key-values with the same key. Refer to Microsoft Azure documentation for additional details.
`option=value`	Both the authentication method and corresponding authentication parameters to access your Centralized Configuration Provider. Authentication method: Use the `AUTHENTICATION` parameter to set one of the following authentication methods: For Azure Service Principal (or OAuth 2.0 Client Credentials): `AUTHENTICATION=AZURE_DEFAULT` Note: This is the default setting, which means that the OAuth 2.0 Client Credentials authentication method is implied by default and you do not need to explicitly specify the `AUTHENTICATION` parameter. In this case, you can omit this setting. For Azure Service Principal: `AUTHENTICATION=AZURE_SERVICE_PRINCIPAL` For Azure Managed Identity (or Azure Managed User Identity): `AUTHENTICATION=AZURE_MANAGED_IDENTITY` Authentication parameters: Set authentication parameters corresponding to your chosen authentication method, as described in AUTHENTICATION. For example, if using the default OAuth 2.0 Client Credentials authentication method, then set authentication parameters such as `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, or `AZURE_CLIENT_SECRET`. For detailed information on all authentication parameters, see Authentication Parameters for Azure App Configuration Store.

Examples:

Let us look at some examples on how to specify a connect identifier string with different values:

With the default OAuth 2.0 Client Credentials authentication:

For multiple applications, such as sales and hr, you can store a connect descriptor for sales under the database/sales prefix and for hr under the database/hr prefix.
The following usage of naming looks up a connect_descriptor under the database/sales prefix. Here, the AUTHENTICATION=AZURE_DEFAULT setting is omitted. Authentication method for the default flow is implicit, so only the client credentials are specified using the AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID authentication parameters.
- With database credentials specified in the string:
```
sqlplus dbuser@"config-azure://dbclient-appconfig?key=database/sales/&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_tenant_id=123ab-12a12-1a2b1-a1b2"
```
- With database credentials stored in Azure Key Vault:
```
sqlplus /@"config-azure://dbclient-appconfig?key=database/sales/&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_tenant_id=123ab-12a12-1a2b1-a1b2"
```
Similarly, the following usage of naming looks up a connect_descriptor under the database/hr prefix:
- With database credentials specified in the string:
```
sqlplus dbuser@"config-azure://dbclient-appconfig?key=database/hr/&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_tenant_id=123ab-12a12-1a2b1-a1b2"
```
- With database credentials stored in Azure Key Vault:
```
sqlplus /@"config-azure://dbclient-appconfig?key=database/hr/&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_tenant_id=123ab-12a12-1a2b1-a1b2"
```

With the Azure Service Principal authentication:

With database credentials specified in the string:

sqlplus dbuser@"config-azure://dbclient-appconfig?key=database/sales/&authentication=azure_service_principal&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_client_certificate_path=/app/dbclient/certificate_for_authenticaion.txt&azure_tenant_id=123ab-12a12-1a2b1-a1b2"

With database credentials stored in Azure Key Vault:

sqlplus /@"config-azure://dbclient-appconfig?key=database/sales/&authentication=azure_service_principal&azure_client_id=a1abc12-ab12-1ab1-a1b1-123a&azure_client_secret=A123B~AB123a~AB1234_abab&azure_client_certificate_path=/app/dbclient/certificate_for_authenticaion.txt&azure_tenant_id=123ab-12a12-1a2b1-a1b2"

With the Azure Managed Identity authentication:

With database credentials specified in the string:

sqlplus dbuser@"config-azure://dbclient-appconfig?key=database/sales/&authentication=azure_managed_identity"

With database credentials stored in Azure Key Vault:

sqlplus /@"config-azure://dbclient-appconfig?key=database/sales/&authentication=azure_managed_identity"

Related Topics

Parent topic: Azure App Configuration Store