§mssql-auth
Authentication strategies for SQL Server connections.
This crate provides various authentication methods, isolated from connection logic for better modularity and testing.
§Supported Authentication Methods
| Method | Feature Flag | Status | Description |
|---|---|---|---|
| SQL Authentication | default | ✅ Implemented | Username/password |
| Azure AD Token | default | ✅ Implemented | Pre-obtained access token |
| Azure Managed Identity | azure-identity | ✅ Implemented | VM/container identity |
| Service Principal | azure-identity | ✅ Implemented | App credentials |
| Integrated (Kerberos) | integrated-auth | ✅ Implemented | GSSAPI/Kerberos (Linux/macOS) |
| Windows SSPI | sspi-auth | ✅ Implemented | Native Windows SSPI |
| Certificate | cert-auth | ✅ Implemented | Client certificate (mTLS) |
§Authentication Tiers
Per ARCHITECTURE.md, authentication is tiered:
§Tier 1 (Core - Pure Rust, Default) ✅ Implemented
- SqlServerAuth - Username/password via Login7
- AzureAdAuth - Pre-acquired access token
§Tier 2 (Azure Native - azure-identity feature) ✅ Implemented
- ManagedIdentityAuth - Azure VM/Container identity
- ServicePrincipalAuth - Client ID + Secret
§Tier 3 (Enterprise - integrated-auth or sspi-auth feature) ✅ Implemented
- IntegratedAuth - Kerberos (Linux/macOS via GSSAPI)
- SspiAuth - Windows SSPI (native Windows, cross-platform via sspi-rs)
§Tier 4 (Certificate - cert-auth feature) ✅ Implemented
- CertificateAuth - Client certificate authentication (mTLS)
§Secure Credential Handling
Enable the zeroize feature for secure credential handling:
```toml
mssql-auth = { version = "0.1", features = ["zeroize"] }
```

This enables secure credential handling that automatically zeroes sensitive data from memory when dropped.
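What zero-on-drop means in practice, as an added std-only sketch; it is not mssql-auth's code nor the zeroize crate's implementation, and `SecretString`, `expose` and `wipe` are hypothetical names. It also shows the usual companion measure, a redacted `Debug` impl.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper (not an mssql-auth type): owns a secret and wipes it on drop.
pub struct SecretString {
    bytes: Vec<u8>,
}

impl SecretString {
    /// Copies `value`; the caller's original buffer is NOT wiped by this type.
    pub fn new(value: &str) -> Self {
        Self { bytes: value.as_bytes().to_vec() }
    }

    /// Borrow the secret only for the moment it is needed.
    pub fn expose(&self) -> &[u8] {
        &self.bytes
    }

    /// Overwrite the whole allocation (length and spare capacity) with zeros.
    /// Volatile writes plus a fence stop the optimizer from dropping the
    /// stores as "dead" because the buffer is about to be freed.
    pub fn wipe(&mut self) {
        let cap = self.bytes.capacity();
        let p = self.bytes.as_mut_ptr();
        for i in 0..cap {
            // SAFETY: i < capacity, so p.add(i) stays inside the Vec's allocation.
            unsafe { ptr::write_volatile(p.add(i), 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for SecretString {
    fn drop(&mut self) {
        self.wipe(); // runs on every exit path, including early returns and unwinding
    }
}

// Redacted Debug so the secret cannot leak through logs or panic messages.
impl fmt::Debug for SecretString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretString(<redacted>)")
    }
}

fn main() {
    let mut pw = SecretString::new("constructed-sample-password"); // constructed sample value
    println!("{:?} holds {} bytes", pw, pw.expose().len());
    pw.wipe();
    println!("all zero after wipe: {}", pw.expose().iter().all(|&b| b == 0));
}
```

Wiping covers only the buffer the wrapper owns: copies made before wrapping, or left behind by earlier reallocations, are outside its reach.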
§Example
```rust
use mssql_auth::{SqlServerAuth, AzureAdAuth, AuthProvider};

// SQL Server authentication
let sql_auth = SqlServerAuth::new("sa", "Password123!");
let auth_data = sql_auth.authenticate().unwrap();

// Azure AD authentication with pre-acquired token
let azure_auth = AzureAdAuth::with_token("eyJ0eXAi...");
```

Re-exports§
- pub use credentials::Credentials;
- pub use error::AuthError;
- pub use provider::AsyncAuthProvider;
- pub use provider::AuthData;
- pub use provider::AuthMethod;
- pub use provider::AuthProvider;
- pub use azure_ad::AzureAdAuth;
- pub use azure_ad::FedAuthLibrary;
- pub use sql_auth::SqlServerAuth;
- pub use sql_auth::SqlAuthenticator; (Deprecated)
- pub use encryption::CekMetadata;
- pub use encryption::ColumnEncryptionConfig;
- pub use encryption::ColumnEncryptionInfo;
- pub use encryption::EncryptedValue;
- pub use encryption::EncryptionError;
- pub use encryption::EncryptionType;
- pub use encryption::KeyStoreProvider;
Modules§
- azure_ad
- Azure AD / Entra ID authentication implementation.
- credentials
- Credential types for authentication.
- encryption
- Always Encrypted infrastructure for SQL Server.
- error
- Authentication error types.
- provider
- Authentication provider traits.
- sql_auth
- SQL Server authentication implementation.