Hey everyone! I'm trying to help my development team transition from storing credentials in a text file to using Azure Key Vault for security. The goal is for them to access an on-premises SQL Server database with read-only permissions through their application.
I'm a bit lost on how to actually set this up. Do I need to install an Azure connector on the SQL Server? How do I store the SQL database credentials in Azure Key Vault and allow the application to access them? Any guides or general steps would be super helpful. Thanks for your time!
3 Answers
Have you checked out Microsoft’s documentation? There are some comprehensive guides that outline how to set up Azure Key Vault with on-prem SQL servers, including authentication modes and best practices. You should focus on using dedicated Entra ID identities for added security in your app. It's definitely a safe route to take if you're looking to securely manage database credentials!
It sounds like you’re on the right track! First, you’ll want to give your SQL Server a managed identity, which is crucial for interacting with Azure Key Vault. If you’re using an on-prem SQL Server, you might also need Azure Arc to enable this feature.
Next, grant that managed identity access to your Key Vault. This will allow your application to authenticate and pull the secrets (like DB credentials) directly. Just keep in mind that if you want tighter security, you may want to implement Azure AD authentication for your SQL Server as well!
To access your on-prem SQL DB with Azure Key Vault effectively, you can store your DB password in Key Vault as a secret. Your application then retrieves this secret (the password) via a method like MS Graph or direct API calls.
The authentication to Key Vault depends on where your app runs. If it’s Azure-hosted, a managed identity is the way to go. However, since both your app and the database are on-prem, using Kerberos for authentication might be a good approach to avoid hardcoding passwords in your application.
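Added example, not part of any answer above: one way an on-prem Python application could read the SQL login's password from Key Vault at runtime and build its ODBC connection string. The vault URL, secret name, server, database, login and driver version are placeholders, and it assumes the host has a credential that `DefaultAzureCredential` can find (service principal environment variables or an Arc/managed identity).

```python
import time
from typing import Callable


def fetch_from_key_vault(vault_url: str, secret_name: str) -> str:
    """Read one secret value. Needs azure-identity and azure-keyvault-secrets."""
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient

    # Tries service principal env vars first, then managed identity, then dev logins.
    client = SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())
    return client.get_secret(secret_name).value


class CachedSecret:
    """Hold the secret in memory only and re-read it after ttl seconds, so a
    rotated password is picked up without redeploying the application."""

    def __init__(self, fetch: Callable[[], str], ttl: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._value, self._expires = None, 0.0

    def get(self) -> str:
        if self._value is None or self._clock() >= self._expires:
            self._value = self._fetch()
            self._expires = self._clock() + self._ttl
        return self._value


def odbc_quote(value: str) -> str:
    """Brace-quote a value so a ';' or '}' in a generated password cannot end
    the attribute early or inject extra connection-string keywords."""
    return "{" + value.replace("}", "}}") + "}"


def build_conn_str(server: str, database: str, user: str, password: str) -> str:
    return ("DRIVER={ODBC Driver 18 for SQL Server};"
            f"SERVER={server};DATABASE={database};"
            f"UID={odbc_quote(user)};PWD={odbc_quote(password)};Encrypt=yes;")


if __name__ == "__main__":
    # Placeholder names throughout; replace with your own vault and server.
    secret = CachedSecret(lambda: fetch_from_key_vault(
        "https://<your-vault>.vault.azure.net", "sql-readonly-password"))
    conn_str = build_conn_str("sqlhost.example.internal", "AppDb",
                              "app_reader", secret.get())
    # Hand conn_str to the database driver, e.g. pyodbc.connect(conn_str).
```

The SQL login behind `app_reader` still needs its read-only permissions granted on the SQL Server side; Key Vault only stores and hands out the password.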
