docs/integrations/app-connections/mssql.mdx
Infisical supports connecting to Microsoft SQL Server using database principals.
-- Grant server-level connect permission
GRANT CONNECT SQL TO [infisical_app];
-- If you intend to use Platform Managed Credentials (see below)
GRANT ALTER ANY LOGIN TO [infisical_app];
-- Switch to the specific database where you want to create the user
USE my_database;
-- Create the database user mapped to the login
CREATE USER [infisical_app] FOR LOGIN [infisical_app];
```
</Step>
<Step title="Grant Relevant Permissions">
Depending on how you intend to use your Microsoft SQL Server connection, you'll need to grant one or more of the following permissions.
<Tip>
To learn more about Microsoft SQL Server's permission system, please visit their [documentation](https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-transact-sql?view=sql-server-ver16).
</Tip>
<Tabs>
<Tab title="Secret Rotation">
For Secret Rotations, your Infisical user will require the ability to alter other logins' passwords:
```SQL
GRANT ALTER ANY LOGIN TO infisical_login;
```
</Tab>
</Tabs>
</Step>
<Step title="Get Connection Details">
You'll need the following information to create your Microsoft SQL Server connection:
- `host` - The hostname or IP address of your Microsoft SQL Server server
- `port` - The port number your Microsoft SQL Server server is listening on (default: 1433)
- `database` - The name of the specific database you want to connect to
- `username` - The username of the login created in the steps above
- `password` - The password of the login created in the steps above
- `sslCertificate` (optional) - The SSL certificate required for connection (if configured)
<Note>
If you are self-hosting Infisical and intend to connect to an internal/private IP address, be sure to set the `ALLOW_INTERNAL_IP_CONNECTIONS` environment variable to `true`.
</Note>
</Step>
2. Select the **Microsoft SQL Server Connection** option.
3. Select the **Username & Password** method option and provide the details obtained from the previous section and press **Connect to Microsoft SQL Server**.
<Note>
Optionally, if you'd like Infisical to manage the credentials of this connection, you can enable the Platform Managed Credentials option.
If enabled, Infisical will update the password of the connection on creation to prevent external access to this database role.
</Note>
4. Your **Microsoft SQL Server Connection** is now available for use.
</Tab>
<Tab title="API">
To create a Microsoft SQL Server Connection, make an API request to the [Create Microsoft SQL Server
Connection](/api-reference/endpoints/app-connections/mssql/create) API endpoint.
<Note>
Optionally, if you'd like Infisical to manage the credentials of this connection, you can set the `isPlatformManagedCredentials` option to `true`.
If enabled, Infisical will update the password of the connection on creation to prevent external access to this database role.
</Note>
### Sample request
```bash Request
curl --request POST \
--url https://app.infisical.com/api/v1/app-connections/mssql \
--header 'Content-Type: application/json' \
--data '{
"name": "my-mssql-connection",
"method": "username-and-password",
"projectId": "7ffbb072-2575-495a-b5b0-127f88caef78",
"isPlatformManagedCredentials": true,
"credentials": {
"host": "123.4.5.6",
"port": 1433,
"database": "default",
"username": "infisical_login",
"password": "my-password",
"sslEnabled": true,
"sslRejectUnauthorized": true
},
}'
```
### Sample response
```bash Response
{
"appConnection": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"name": "my-mssql-connection",
"projectId": "7ffbb072-2575-495a-b5b0-127f88caef78",
"version": 1,
"orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"app": "mssql",
"method": "username-and-password",
"isPlatformManagedCredentials": true,
"credentials": {
"host": "123.4.5.6",
"port": 1433,
"database": "default",
"username": "infisical_login",
"sslEnabled": true,
"sslRejectUnauthorized": true
}
}
}
```
</Tab>