
Cloud-native database deployment authentication

Shawn Sesna

Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) have introduced passwordless authentication mechanisms where resources such as virtual machines (VMs) can be assigned an identity (Azure), a service account (GCP), or a role (AWS) that can be used to authenticate to other resources such as database server instances.

Octopus Deploy has several built-in steps that support authenticating to resources using this method. Database deployments, however, are almost entirely done using community step templates.

The Octopus community has been hard at work updating templates to support cloud-native authentication.

In this post, I list templates updated with cloud provider authentication functionality.

Database technologies that support cloud-native authentication methods

Only some database technologies offered by cloud providers support cloud-native authentication. Below, I list by provider which technologies are supported:

AWS

  • Amazon Aurora
  • MariaDB
  • MySQL
  • PostgreSQL

Azure

  • Azure Cosmos DB
  • MySQL
  • PostgreSQL
  • Microsoft SQL Server

GCP

  • MySQL
  • PostgreSQL

Both GCP and AWS support Windows Authentication for Microsoft SQL Server; however, the server must connect to an Active Directory domain on the cloud provider.

Amazon Aurora and Azure Cosmos haven't been tested with the templates listed in this post.

Step templates with cloud authentication support

The following community step templates have been updated to support using cloud-native database authentication:

With the exception of SQL - Deploy DACPAC with AAD Auth support, the templates above work on Windows (PowerShell, PowerShell Core) and Linux (PowerShell Core) and have been updated with an Authentication Method selector that supports the following types:

  • AWS EC2 IAM Role
  • Azure Managed Identity
  • GCP Service Account
  • Username\Password
  • Windows Authentication


Flyway Database Migrations is only compatible with PowerShell Core.
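
To show what the three cloud options in the selector involve, the following PowerShell is an added example, not code from the step templates or from Octopus. It obtains a short-lived database credential from the machine's assigned role, identity, or service account; the function name, parameter names, and sample values are hypothetical, and the AWS branch assumes the AWS CLI is installed on the worker.

```powershell
# Added example: hypothetical helper, not taken from the community step templates.
function Get-DatabaseAccessToken {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AwsEc2IamRole', 'AzureManagedIdentity', 'GcpServiceAccount')]
        [string]$Method,
        [string]$DbHost,       # AWS only: database endpoint host name
        [int]$Port = 5432,     # AWS only: database port
        [string]$Region,       # AWS only: region of the database instance
        [string]$DbUser,       # AWS only: database user enabled for IAM auth
        # Azure only: token audience for Azure Database for MySQL/PostgreSQL.
        # Azure SQL uses https://database.windows.net/ instead.
        [string]$AzureResource = 'https://ossrdbms-aad.database.windows.net'
    )

    switch ($Method) {
        'AwsEc2IamRole' {
            # The AWS CLI picks up the role credentials from the EC2 instance
            # profile and signs a token that is used in place of a password.
            $token = & aws rds generate-db-auth-token --hostname $DbHost `
                --port $Port --region $Region --username $DbUser
            if ($LASTEXITCODE -ne 0) { throw 'aws rds generate-db-auth-token failed' }
            return $token
        }
        'AzureManagedIdentity' {
            # Azure Instance Metadata Service; only reachable from the VM itself.
            $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
                   '?api-version=2018-02-01&resource=' +
                   [uri]::EscapeDataString($AzureResource)
            $response = Invoke-RestMethod -Uri $uri -Headers @{ Metadata = 'true' } -TimeoutSec 10
            return $response.access_token
        }
        'GcpServiceAccount' {
            # GCP metadata server; returns an OAuth 2.0 token for the VM's service account.
            $uri = 'http://metadata.google.internal/computeMetadata/v1/' +
                   'instance/service-accounts/default/token'
            $response = Invoke-RestMethod -Uri $uri -Headers @{ 'Metadata-Flavor' = 'Google' } -TimeoutSec 10
            return $response.access_token
        }
    }
}

# Usage with constructed values: pass the token as the password for one
# session and never write it to the deployment log.
# $env:PGPASSWORD = Get-DatabaseAccessToken -Method AwsEc2IamRole `
#     -DbHost 'db.example.internal' -Region 'us-east-1' -DbUser 'deploy'
```

The returned token expires after a short time, so request it immediately before connecting rather than storing it as a project variable. AWS IAM database authentication also requires the connection to use SSL/TLS.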

SQL - Deploy DACPAC with AAD Auth support

Cloud-native authentication using the SQL - Deploy DACPAC with AAD Auth support template is limited to the Azure cloud provider and supports the following methods:

  • Azure Active Directory Integrated
  • Azure Active Directory Managed Identity
  • Azure Active Directory Username/Password
  • SQL Authentication
  • Windows Integrated


SQL - Deploy DACPAC with AAD Auth support is written in PowerShell and makes use of .NET standard DLL files that are part of the SQL Server installation or SQL Server PowerShell module. Because of this, it doesn't work on the Linux operating system.

Conclusion

The Octopus community recognizes the advantages of using authentication mechanisms offered by cloud providers.

In this post, I listed templates that have been updated with cloud provider authentication functionality.

Learn more

Our Samples instance has updated examples that use cloud-native authentication:

Happy deployments!
