We are currently working on a project to migrate all our databases from on-premises SQL Server to Azure SQL Managed Instance. One of our key goals is to eliminate SQL users and any clear-text usernames or passwords from connection strings.
I’m new to UiPath and was assigned to investigate whether we can authenticate using an Azure AD (Entra) service principal. I discovered that the UiPath.Database.Activities package supports ActiveDirectoryServicePrincipal authentication, but despite trying many variations, I haven’t had any success.
My service principal has been added to the database as a contained user with db_owner permissions.
To connect to Azure SQL with a service principal in UiPath, use ActiveDirectoryServicePrincipal authentication and include the service principal’s Client ID and Secret in the connection string. Ensure Encrypt=True and TrustServerCertificate=False for secure connections. Update the UiPath.Database.Activities package to the latest version to fully support this authentication method.
Ideally, the connection string itself, or the username and password, are stored in a credential store in Orchestrator or outside it and replaced during execution so that they are not exposed.
Also, while doing this, you can use the Private property on these activities so that these values are not logged as well.
You are on the right track. The service principal connection works only when ClientID and Secret are supplied in the connection string, but UiPath does not natively mask the secret. The recommended approach is to store the secret securely in Orchestrator Assets or Windows Credential Manager and reference it in the workflow, so it’s never exposed in plain text. This way, your connection string can be built dynamically at runtime using UserID = <ClientID> and Password = Asset/credential value, keeping credentials safe while still using ActiveDirectoryServicePrincipal.
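The runtime assembly described in the replies above, as an added example that is not part of the original thread and not UiPath's own code: it builds the connection string from a secret handed over as a `SecureString` and produces a redacted copy for logging. It assumes the `Microsoft.Data.SqlClient` NuGet package (2.0 or later); the class name, server name, database name, client ID and secret are constructed placeholders.

```csharp
using System;
using System.Net;
using System.Security;
using Microsoft.Data.SqlClient; // assumption: NuGet package Microsoft.Data.SqlClient 2.0+

public static class ServicePrincipalConnection // hypothetical helper, not a UiPath type
{
    // clientId and clientSecret are expected to come from a credential store
    // lookup at run time, never from literals stored in the workflow.
    public static string Build(string server, string database, string clientId, SecureString clientSecret)
    {
        if (string.IsNullOrWhiteSpace(clientId))
            throw new ArgumentException("Client ID is empty.", nameof(clientId));
        if (clientSecret == null || clientSecret.Length == 0)
            throw new ArgumentException("Client secret is empty.", nameof(clientSecret));

        var builder = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            Authentication = SqlAuthenticationMethod.ActiveDirectoryServicePrincipal,
            UserID = clientId,
            // The builder quotes values containing ';' or quote characters,
            // which hand-concatenated connection strings silently break on.
            Password = new NetworkCredential(string.Empty, clientSecret).Password,
            Encrypt = true,
            TrustServerCertificate = false
        };
        return builder.ConnectionString;
    }

    // Returns a copy that is safe to write to logs: the secret is replaced.
    public static string Redact(string connectionString)
    {
        var builder = new SqlConnectionStringBuilder(connectionString);
        if (!string.IsNullOrEmpty(builder.Password))
            builder.Password = "***";
        return builder.ConnectionString;
    }

    public static void Main()
    {
        // Constructed sample values standing in for the credential store result.
        var secret = new SecureString();
        foreach (char c in "constructed;secret'value") secret.AppendChar(c);
        string cs = Build("sqlmi.example.invalid", "ExampleDb",
                          "00000000-0000-0000-0000-000000000000", secret);
        Console.WriteLine(Redact(cs)); // log only the redacted form
    }
}
```

Nothing here opens a connection, so it can be run offline to check how a given secret is quoted before the string is passed to a database activity.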