How to use Sqlpackage with Managed Identity
Published Oct 03 2022 01:47 AM 1,838 Views

To export Azure SQL database using Sqlpackage and Managed Identity:



Enable system assigned managed identity on an Azure VM 




- Enable AAD auth on Azure SQL server

- Conn to Azure SQL database via AAD admin

- Create contained user for the managed identity (using Azure VM name as contained username)


        create user <vmname> from external provider;

        alter role db_owner add member <vmname>;



On the Azure VM where we enabled System assigned Managed Identity, execute below to test getting access token:


# Using PowerShell’s Invoke-WebRequest, make a request to the local managed identity's endpoint to get an access token for Azure SQL:

$response = Invoke-WebRequest -Uri '' -Method GET -Headers @{Metadata="true"}


# Convert the response from a JSON object to a PowerShell object:

$content = $response.Content | ConvertFrom-Json


# Extract the access token from the response:

$AccessToken = $content.access_token



Run sqlpackage + managed identity to export database


./sqlpackage.exe /at:$AccessToken /Action:Export /TargetFile:"C:\AdventureWorksLT.bacpac" \ /SourceConnectionString:"Server=tcp:{yourserver},1433;Initial Catalog=AdventureWorksLT;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"

# OR

./sqlpackage.exe /at:$($AccessToken_Object.Token) /Action:Export /TargetFile:"C:\AdventureWorksLT.bacpac" \ /SourceConnectionString:"Server=tcp:{yourserver},1433;Initial Catalog=AdventureWorksLT;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"



Tutorial: Use a managed identity to access Azure SQL Database - Windows - Azure AD - Microsoft Entra...

How managed identities for Azure resources work with Azure virtual machines - Microsoft Entra | Micr...

SqlPackage Export - SQL Server | Microsoft Learn

Version history
Last update:
‎Oct 03 2022 01:45 AM
Updated by: