Support for Azure Managed Identities for DB authentication #3742

Closed
opened 2026-02-05 07:19:03 +03:00 by OVERLORD · 1 comment

Originally created by @scwheele on GitHub (Apr 13, 2023).

Describe the feature you'd like

Hello!

We're looking to move away from traditional username/password authentication to the database for BookStack. Currently, we use Azure MySQL as the database and that works fine. We'd like to use system/user assigned managed identity authentication for this going forward.

Based on Microsoft documentation this can be accomplished by posting a GET request to the identity endpoint from the machine that has a managed identity assigned. (docs here: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http)

That token being returned can be passed in the password field for the database connection configuration.

Describe the benefits this would bring to existing BookStack users

Using Managed Identities is the preferred method of authentication for folks using Azure AD as it's more secure and we won't need to worry about password rotations. Since the token changes frequently, we won't have to worry about compromised credentials as much.

Can the goal of this request already be achieved via other means?

No, there will need to be a call before the database connection to retrieve the authentication token.

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

6 months to 1 year

Additional context

No response

OVERLORD added the 🔨 Feature Request label 2026-02-05 07:19:03 +03:00

@ssddanbrown commented on GitHub (Apr 13, 2023):

Hi @scwheele,
This is not something I'd look to support as it's platform-specific, would add complexity and is not something that's significantly desired.

I can only advise that, if really desired on your instance, you add your own process to the host system to fetch the credentials as required then expose those to BookStack via an env option.


Reference: starred/BookStack#3742
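
The host-side process suggested in the reply above, as an added example that is not part of the original thread or of BookStack's code: it requests a managed-identity token from the VM's instance metadata endpoint and rewrites `DB_PASSWORD` in the instance's `.env` file. Assumptions: the `.env` path, the hypothetical `BOOKSTACK_ENV` override, the `2018-02-01` API version and the `ossrdbms-aad` resource audience for Azure Database for MySQL, and that the database driver accepts the token in the password field as the issue describes.

```python
import json, os, tempfile, urllib.parse, urllib.request

IMDS_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
RESOURCE = "https://ossrdbms-aad.database.windows.net"  # assumed audience for Azure MySQL

def parse_token(body):
    """Return (access_token, expires_on) from an IMDS JSON response body."""
    data = json.loads(body)
    token = data["access_token"]
    # A newline, quote or space in the value could inject extra .env entries.
    if not token or any(c in token for c in "\r\n\"' "):
        raise ValueError("unexpected characters in access_token")
    return token, int(data["expires_on"])

def fetch_token(opener=urllib.request.urlopen):
    """Request a token from IMDS; only reachable from the VM itself."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": RESOURCE})
    req = urllib.request.Request(f"{IMDS_URL}?{query}", headers={"Metadata": "true"})
    with opener(req, timeout=5) as resp:
        return parse_token(resp.read())

def write_db_password(env_path, token):
    """Replace (or append) DB_PASSWORD in env_path atomically, mode 0600."""
    try:
        with open(env_path, encoding="utf-8") as fh:
            lines = [l for l in fh.read().splitlines()
                     if not l.startswith("DB_PASSWORD=")]
    except FileNotFoundError:
        lines = []
    lines.append(f"DB_PASSWORD={token}")
    # mkstemp creates the file 0600 and owned by the current user, so the
    # token is never world-readable; run this as the user that reads .env.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(env_path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
        os.replace(tmp, env_path)  # atomic: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    token, expires_on = fetch_token()
    # BOOKSTACK_ENV and the default path are placeholders for this example.
    write_db_password(os.environ.get("BOOKSTACK_ENV", "/var/www/bookstack/.env"), token)
    print(f"DB_PASSWORD refreshed; token expires at epoch {expires_on}")
```

Schedule it at an interval shorter than the token lifetime reported in `expires_on`, and keep the token out of logs and process arguments.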